Dis Notes


UNIT 1 - INTRODUCTION

1.1 HISTORY

• Julius Caesar: the Caesar cipher, c. 50 B.C., was created to prevent his secret
messages from being read should a message fall into the wrong hands.

• The end of the 20th century and early years of the 21st century saw rapid advancements in
telecommunications, computing hardware and software, and data encryption.

Introduction

Information technology is the vehicle that stores and transports information—a
company’s most valuable resource—from one business unit to another. But what happens if the
vehicle breaks down, even for a little while? As businesses have become more fluid, the
concept of computer security has been replaced by the concept of information security.

Because this new concept covers a broader range of issues, from the protection of data
to the protection of human resources, information security is no longer the sole responsibility of
a discrete group of people in the company; rather, it is the responsibility of every employee,
and especially managers.

Organizations must realize that information security funding and planning decisions
involve more than just technical managers. Rather, the process should involve three distinct
groups of decision makers, or communities of interest:

• Information security managers and professionals

• Information technology managers and professionals

• Nontechnical business managers and professionals

These communities of interest fulfill the following roles:

• The information security community protects the organization’s information assets from the
many threats they face.

• The information technology community supports the business objectives of the organization by
supplying and supporting information technology appropriate to the business’ needs.

• The nontechnical general business community articulates and communicates organizational
policy and objectives and allocates resources to the other groups.

1.2 WHAT IS SECURITY?

Understanding the technical aspects of information security requires that you know the
definitions of certain information technology terms and concepts. In general, security is defined
as “the quality or state of being secure—to be free from danger.”

Security is often achieved by means of several strategies usually undertaken
simultaneously or used in combination with one another.

Specialized areas of security

• Physical security, which encompasses strategies to protect people, physical assets, and the
workplace from various threats including fire, unauthorized access, or natural disasters

• Personal security, which overlaps with physical security in the protection of the people within
the organization

• Operations security, which focuses on securing the organization’s ability to carry out its
operational activities without interruption or compromise

• Communications security, which encompasses the protection of an organization’s
communications media, technology, and content, and its ability to use these tools to achieve the
organization’s objectives

• Network security, which addresses the protection of an organization’s data networking
devices, connections, and contents, and the ability to use that network to accomplish the
organization’s data communication functions

• Information security includes the broad areas of information security management, computer
and data security, and network security.

Where has it been used?

• Governments, military, financial institutions, hospitals, and private businesses.

• Protecting confidential information is a business requirement.

1.2.1 Information Security components:

• Confidentiality

• Integrity

• Availability (CIA)

CIA Triangle

The C.I.A. triangle - confidentiality, integrity, and availability - has expanded into a
more comprehensive list of critical characteristics of information. At the heart of the study of
information security is the concept of policy. Policy, awareness, training, education, and
technology are vital concepts for the protection of information and for keeping information
systems from danger.

1.3 CRITICAL CHARACTERISTICS OF INFORMATION

• Confidentiality

• Integrity

• Availability

• Privacy

• Identification

• Authentication

• Authorization

• Accountability

• Accuracy

• Utility

• Possession

1.3.1 Confidentiality

Confidentiality of information ensures that only those with sufficient privileges may
access certain information. When unauthorized individuals or systems can access information,
confidentiality is breached. To protect the confidentiality of information, a number of measures
are used:

• Information classification

• Secure document storage

• Application of general security policies

• Education of information custodians and end users

Example: a credit card transaction on the Internet.

• The system attempts to enforce confidentiality by encrypting the card number during
transmission, by limiting the places where it might appear (in databases, log files, backups,
printed receipts, and so on), and by restricting access to the places where it is stored.

• Giving out confidential information over the telephone is a breach of confidentiality if the
caller is not authorized to have the information.

Integrity

Integrity is the quality or state of being whole, complete, and uncorrupted. The
integrity of information is threatened when it is exposed to corruption, damage, destruction, or
other disruption of its authentic state. Corruption can occur while information is being
compiled, stored, or transmitted.

• Integrity means that data cannot be modified without authorization.

• E.g.: Integrity is violated when an employee deletes important data files, when a computer virus
infects a computer, when an employee is able to modify his own salary in a payroll database,
when an unauthorized user vandalizes a website, when someone is able to cast a very large
number of votes in an online poll, and so on.

1.3.2 Availability

Availability is the characteristic of information that enables user access to information
without interference or obstruction and in a required format. A user in this definition may be
either a person or another computer system. Availability does not imply that the information is
accessible to any user; rather, it means availability to authorized users.

• For any information system to serve its purpose, the information must be available when it is
needed.

• E.g.: High availability systems aim to remain available at all times, preventing service
disruptions due to power outages, hardware failures, and system upgrades.

Privacy

The information that is collected, used, and stored by an organization is to be used only
for the purposes stated to the data owner at the time it was collected. This definition of privacy
does not focus on freedom from observation (the meaning usually associated with the word), but
rather means that information will be used only in ways known to the person providing it.

Identification

An information system possesses the characteristic of identification when it is able to
recognize individual users. Identification and authentication are essential to establishing the
level of access or authorization that an individual is granted.

Authentication

Authentication occurs when a control provides proof that a user possesses the
identity that he or she claims.

• In computing, e-business and information security it is necessary to ensure that the data,
transactions, communications or documents (electronic or physical) are genuine (i.e., they have
not been forged or fabricated).

Authorization

After the identity of a user is authenticated, a process called authorization provides
assurance that the user (whether a person or a computer) has been specifically and explicitly
authorized by the proper authority to access, update, or delete the contents of an information
asset.

Accountability

The characteristic of accountability exists when a control provides assurance that every
activity undertaken can be attributed to a named person or automated process. For example,
audit logs that track user activity on an information system provide accountability.

1.3.3 Accuracy

Information should have accuracy. Information has accuracy when it is free from
mistakes or errors and it has the value that the end user expects. If information contains a
value different from the user’s expectations, due to the intentional or unintentional modification
of its content, it is no longer accurate.

Utility

Information has value when it serves a particular purpose. This means that if
information is available, but not in a format meaningful to the end user, it is not useful. Thus,
the value of information depends on its utility.

Possession

Possession of information is the quality or state of having ownership or
control of some object or item.

1.4 NSTISSC SECURITY MODEL

The model comes from a ‘National Security Telecommunications & Information Systems Security
Committee’ document.

It is now called the National Training Standard for Information Security Professionals.

The NSTISSC Security Model provides a more detailed perspective on security.

While the NSTISSC model covers the three dimensions of information security, it omits
discussion of detailed guidelines and policies that direct the implementation of controls.

Another weakness of using this model with too limited an approach is to view it from a
single perspective.

• The 3 dimensions of each axis become a 3x3x3 cube with 27 cells representing areas
that must be addressed to secure today’s information systems.

• To ensure system security, each of the 27 cells must be properly addressed during the security
process.

• For example, the intersection between the technology, integrity, and storage areas requires a
control or safeguard that addresses the need to use technology to protect the integrity of
information while in storage.
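
The 27-cell requirement above can be checked mechanically. The following is an added example, not part of the original notes: it maps a control inventory onto the cube and reports the cells no control addresses. The notes name only the technology, integrity and storage values; the remaining axis labels are the ones commonly given for this model, and the control names are constructed sample data.

```python
from itertools import product

# Axes of the 3x3x3 cube. The notes themselves name only "technology",
# "integrity" and "storage"; the other labels are the ones commonly given
# for this model.
MEASURES = ("policy", "education", "technology")
GOALS = ("confidentiality", "integrity", "availability")
STATES = ("storage", "processing", "transmission")
AXES = {"measures": MEASURES, "goals": GOALS, "states": STATES}

ALL_CELLS = frozenset(product(MEASURES, GOALS, STATES))  # the 27 cells


def cells_for(control):
    """Expand one control record into the set of cube cells it addresses.

    A control lists one or more values on each axis and covers their cross
    product. Unknown or missing axis values raise ValueError, so a typo
    cannot silently make a cell look covered or uncovered.
    """
    for axis, allowed in AXES.items():
        values = control.get(axis) or []
        unknown = sorted(set(values) - set(allowed))
        if not values or unknown:
            raise ValueError(
                f"control {control.get('name')!r}: bad {axis} {unknown or 'missing'}"
            )
    return set(product(control["measures"], control["goals"], control["states"]))


def gap_report(controls):
    """Return (coverage, uncovered).

    coverage maps each of the 27 cells to the names of the controls that
    address it; uncovered is the sorted list of cells with no control at all.
    """
    coverage = {cell: [] for cell in ALL_CELLS}
    for control in controls:
        for cell in cells_for(control):
            coverage[cell].append(control["name"])
    uncovered = sorted(cell for cell, names in coverage.items() if not names)
    return coverage, uncovered


def gaps_by_axis_value(uncovered):
    """Count uncovered cells per axis value to show where coverage is thinnest."""
    counts = {value: 0 for values in AXES.values() for value in values}
    for cell in uncovered:
        for value in cell:
            counts[value] += 1
    return counts


# Constructed sample inventory (hypothetical control names).
SAMPLE_CONTROLS = [
    {"name": "File checksums on the file server",
     "measures": ["technology"], "goals": ["integrity"], "states": ["storage"]},
    {"name": "TLS on internal services",
     "measures": ["technology"], "goals": ["confidentiality", "integrity"],
     "states": ["transmission"]},
    {"name": "Data classification policy",
     "measures": ["policy"], "goals": ["confidentiality"],
     "states": ["storage", "processing", "transmission"]},
    {"name": "Backup procedure training",
     "measures": ["education"], "goals": ["availability"], "states": ["storage"]},
]

if __name__ == "__main__":
    coverage, uncovered = gap_report(SAMPLE_CONTROLS)
    print(f"{len(ALL_CELLS) - len(uncovered)} of {len(ALL_CELLS)} cells addressed")
    for measure, goal, state in uncovered:
        print(f"  no control: {measure} / {goal} / {state}")
    print(gaps_by_axis_value(uncovered))
```
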

1.5 COMPONENTS OF AN INFORMATION SYSTEM

• Software

• Hardware

• Data

• People

• Procedures

• Networks

1.5.1 Software

• The software component of an IS comprises applications, operating systems, and assorted
command utilities.

• Software programs are the vessels that carry the lifeblood of information through an
organization. These are often created under the demanding constraints of project management,
which limit time, cost, and manpower.

1.5.2 Hardware

• Hardware is the physical technology that houses and executes the software, stores and carries
the data, and provides interfaces for the entry and removal of information from the system.

• Physical security policies deal with hardware as a physical asset and with the protection of
these physical assets from harm or theft. Applying the traditional tools of physical
security, such as locks and keys, restricts access to and interaction with the hardware
components of an information system.

• Securing the physical location of computers and the computers themselves is important because
a breach of physical security can result in a loss of information. Unfortunately, most
information systems are built on hardware platforms that cannot guarantee any level of
information security if unrestricted access to the hardware is possible.

1.5.3 Data

• Data stored, processed, and transmitted through a computer system must be protected.

• Data is often the most valuable asset possessed by an organization and is the main target of
intentional attacks.

• Data is the raw, unorganized, discrete (separate, isolated), potentially useful facts and
figures that are later processed (manipulated) to produce information.

1.5.4 People

There are many roles for people in information systems. Common ones include:

• Systems Analyst

• Programmer

• Technician

• Engineer

• Network Manager

• MIS (Manager of Information Systems)

• Data entry operator

1.5.5 Procedures

A procedure is a series of documented actions taken to achieve something. A procedure
is more than a single simple task. A procedure can be quite complex and involved, such as
performing a backup, shutting down a system, or patching software.

1.5.6 Networks

• When information systems are connected to each other to form local area networks (LANs),
and these LANs are connected to other networks such as the Internet, new security challenges
rapidly emerge.

• Steps to provide network security are essential, as is the implementation of alarm and
intrusion systems to make system owners aware of ongoing compromises.

1.6 SECURING COMPONENTS

Protecting the components from potential misuse and abuse by unauthorized users.

• Subject of an attack

The computer is used as an active tool to conduct the attack.

• Object of an attack

The computer itself is the entity being attacked.

Two types of attacks:

1. Direct attack

2. Indirect attack

Figure 1.6.1 Attack (diagram labels: Internet; Hacker request; Stolen information; Hacker using a
computer as the subject of attack; Remote system that is the object of an attack)

1. Direct attack

When a hacker uses his personal computer to break into a system. [Originates from
the threat itself.]

2. Indirect attack

When a system is compromised and used to attack other systems. [Originates from a system or
resource that itself has been attacked, and is malfunctioning or working under the control of a
threat.]

A computer can, therefore, be both the subject and object of an attack when, for
example, it is first the object of an attack and then compromised and used to attack other
systems, at which point it becomes the subject of an attack.

1.7 BALANCING INFORMATION SECURITY AND ACCESS

A system has to provide security while it remains feasible to access the information for its
application.

Information security cannot be an absolute: it is a process, not a goal.

It should balance protection and availability.

Approaches to Information Security Implementation

Bottom-up approach

Top-down approach

Has a higher probability of success.

• The project is initiated by upper-level managers who issue policy, procedures, and processes.

• They dictate the goals and expected outcomes of the project.

• They determine who is suitable for each of the required actions.

1.8 THE SYSTEMS DEVELOPMENT LIFE CYCLE (SDLC)

SDLC Waterfall Methodology

• The SDLC is a methodology for the design and implementation of an information system in
an organization.

• A methodology is a formal approach to solving a problem based on a structured sequence of
procedures.

• The SDLC consists of 6 phases.

Figure 1.8.1 Systems Development Life Cycle (waterfall diagram: Investigation, Analysis,
Logical design, Physical design, Implementation, Maintenance and change; then repeat)

1.8.1 Investigation

• It is the most important phase and it begins with an examination of the event or plan that
initiates the process.

• During this phase, the objectives, constraints, and scope of the project are specified.

• At the conclusion of this phase, a feasibility analysis is performed, which assesses the
economic, technical and behavioral feasibilities of the process and ensures that implementation
is worth the organization’s time and effort.

1.8.2 Analysis

• It begins with the information gained during the investigation phase.

• It consists of assessments (quality) of the organization, the status of current systems, and the
capability to support the proposed systems.

• Analysts begin by determining what the new system is expected to do, and how it will interact
with existing systems.

• This phase ends with the documentation of the findings and an update of the feasibility
analysis.

1.8.3 Logical Design

• In this phase, the information gained from the analysis phase is used to begin creating a systems
solution for a business problem.

• Based on the business need, applications are selected that are capable of providing needed
services.

• Based on the applications needed, data support and structures capable of providing the needed
inputs are then chosen.

• In this phase, analysts generate a number of alternative solutions, each with corresponding
strengths and weaknesses, and costs and benefits.

• At the end of this phase, another feasibility analysis is performed.

1.8.4 Physical design

• In this phase, specific technologies are selected to support the solutions developed in the
logical design.

• The selected components are evaluated based on a make-or-buy decision.

• Final designs integrate various components and technologies.

1.8.5 Implementation

• In this phase, any needed software is created.

• Components are ordered, received and tested.

• Afterwards, users are trained and supporting documentation is created.

• Once all the components are tested individually, they are installed and tested as a system.

• Again a feasibility analysis is prepared, and the sponsors are then presented with the system
for a performance review and acceptance test.

1.8.6 Maintenance and change

• It is the longest and most expensive phase of the process.

• It consists of the tasks necessary to support and modify the system for the remainder of its
useful life cycle.

• Periodically, the system is tested for compliance with business needs.

• Upgrades, updates, and patches are managed.

• As the needs of the organization change, the systems that support the organization must also
change.

• When a current system can no longer support the organization, the project is terminated and a
new project is implemented.

1.9 THE SECURITY SYSTEMS DEVELOPMENT LIFE CYCLE (SEC SDLC)

The same phases used in the traditional SDLC can be adapted to support the
implementation of an information security project.

1.9.1 Sec SDLC phases

Investigation

• This phase begins with a directive from upper management, dictating the process,
outcomes, and goals of the project, as well as its budget and other constraints.

• Frequently, this phase begins with an enterprise information security policy, which outlines
the implementation of a security program within the organization.

• Teams of responsible managers, employees, and contractors are organized.

• Problems are analyzed.

• Scope of the project, as well as specific goals and objectives, and any additional
constraints not covered in the program policy, are defined.

• Finally, an organizational feasibility analysis is performed to determine whether the
organization has the resources and commitment necessary to conduct a successful security
analysis and design.

Analysis

• In this phase, the documents from the investigation phase are studied.

• The development team conducts a preliminary analysis of existing security policies or programs,
along with that of documented current threats and associated controls.

• The risk management task also begins in this phase.

Risk management is the process of identifying, assessing, and evaluating the levels of
risk facing the organization, specifically the threats to the organization’s security and to the
information stored and processed by the organization.

Logical design

• This phase creates and develops the blueprints for information security, and examines and
implements key policies.

• The team plans the incident response actions.

• Plans business response to disaster.

• Determines feasibility of continuing and outsourcing the project.

Physical design

• In this phase, the information security technology needed to support the blueprint outlined in
the logical design is evaluated.

• Alternative solutions are generated.

• Designs for physical security measures to support the proposed technological solutions are
created.

• At the end of this phase, a feasibility study should determine the readiness of the
organization for the proposed project.

• At this phase, all parties involved have a chance to approve the project before implementation
begins.

Implementation

• Similar to the traditional SDLC.

• The security solutions are acquired (made or bought), tested, implemented, and tested again.

• Personnel issues are evaluated and specific training and education programs are conducted.

• Finally, the entire tested package is presented to upper management for final approval.

Maintenance and change

• Constant monitoring, testing, modification, updating, and repairing to meet changing threats
are done in this phase.

1.9.2 Security Professionals and the Organization

Senior management

The Chief Information Officer (CIO) is responsible for

• Assessment

• Management

• Implementation of information security in the organization

Information Security Project Team

• Champion

- Promotes the project.

- Ensures its support, both financially and administratively.

• Team Leader

- Understands project management,

- personnel management,

- and information security technical requirements.

• Security policy developers

- Individuals who understand the organizational culture,

- existing policies,

- and requirements for developing and implementing successful policies.

• Risk assessment specialists

- Individuals who understand financial risk assessment techniques,

- the value of organizational assets,

- and the security methods to be used.

• Security Professionals

- Dedicated,

- trained, and well-educated specialists in all aspects of information security from both a
technical and nontechnical standpoint.

• System Administrators

- Administer the systems that house the information used by the organization.

• End users

Data Owners

- Responsible for the security and use of a particular set of information.

- Determine the level of data classification.

- Work with subordinate managers to oversee the day-to-day administration of the data.

Data Custodians

- Responsible for the storage, maintenance, and protection of the information.

- Oversee data storage and backups.

- Implement the specific procedures and policies.

Data Users (End users)

- Work with the information to perform their daily jobs supporting the mission of the
organization.

- Everyone in the organization is responsible for the security of data, so data users are included
here as individuals with an information security role.

1.9.3 Key Terms in Information Security Terminology

• Asset

- An asset is the organizational resource that is being protected.

- An asset can be logical, such as a website, information, or data.

- An asset can be physical, such as a person or a computer system.

• Attack

- An attack is an intentional or unintentional attempt to cause damage to or otherwise
compromise the information and/or the systems that support it. If someone casually reads
sensitive information not intended for his use, this is considered a passive attack. If a hacker
attempts to break into an information system, the attack is considered active.

• Risk

- Risk is the probability that something can happen. In information security, it could be the
probability of a threat to a system.

• Security Blueprint

- It is the plan for the implementation of new security measures in the organization. Sometimes
called a framework, the blueprint presents an organized approach to the security planning
process.

• Security Model

- A security model is a collection of specific security rules that represents the
implementation of a security policy.

• Threats

- A threat is a category of objects, persons, or other entities that pose a potential danger to an
asset. Threats are always present. Some threats manifest themselves in accidental occurrences,
while others are purposeful. For example, all hackers represent potential danger or threat to an
unprotected information system. Severe storms are also a threat to buildings and their contents.

• Threat agent

- A threat agent is the specific instance or component of a threat. For example, you can think of
all hackers in the world as a collective threat, and Kevin Mitnick, who was convicted for
hacking into phone systems, as a specific threat agent. Likewise, a specific lightning strike,
hailstorm, or tornado is a threat agent that is part of the threat of severe storms.

• Vulnerability

- Weaknesses or faults in a system or protection mechanism that expose information to attack or
damage are known as vulnerabilities. Vulnerabilities that have been examined, documented, and
published are referred to as well-known vulnerabilities.

• Exposure

- The exposure of an information system is a single instance when the system is open to damage.
Vulnerabilities can cause an exposure to potential damage or attack from a threat. Total
exposure is the degree to which an organization’s assets are at risk of attack from a threat.

UNIT II - SECURITY INVESTIGATION

2.1 NEED FOR SECURITY

The purpose of information security management is to ensure business continuity and
reduce business damage by preventing and minimizing the impact of security incidents. The
Audit Commission Update report (1998) shows that fraud or cases of IT abuse often occur due
to the absence of basic controls, with one half of all detected frauds found by accident. An
Information Security Management System (ISMS) enables information to be shared, whilst
ensuring the protection of information and computing assets.

At the most practical level, securing the information on your computer means:

• Ensuring that your information remains confidential and that only those who should access
that information can.

• Knowing that no one has been able to change your information, so you can depend on its
accuracy (information integrity).

• Making sure that your information is available when you need it (by making back-up
copies and, if appropriate, storing the back-up copies off-site).

2.2 BUSINESS NEEDS FIRST

Information security performs four important functions for an organization:

1. Protects the organization’s ability to function

2. Enables the safe operation of applications implemented on the organization’s IT systems.

3. Protects the data the organization collects and uses.

4. Safeguards the technology assets in use at the organization.

1. Protecting the functionality of an organization

• Decision makers in organizations must set policy and operate their organizations in compliance
with the complex, shifting legislation that controls the use of technology.

2. Enabling the safe operation of applications

• Organizations are under immense pressure to acquire and operate integrated, efficient, and
capable applications.

• The modern organization needs to create an environment that safeguards applications using the
organization’s IT systems, particularly those applications that serve as important elements of
the infrastructure of the organization.

3. Protecting data that organizations collect & use

• Protecting data in motion

• Protecting data at rest

• Both are critical aspects of information security.

• The value of data motivates attackers to steal, sabotage, or corrupt it.

• It is essential for the protection of the integrity and value of the organization’s data.

4. Safeguarding technology assets in organizations

• Must add secure infrastructure services based on the size and scope of the enterprise.

• Organizational growth could lead to the need for public key infrastructure (PKI), an integrated
system of software and encryption methodologies.

2.3 THREATS

To protect an organization’s information, you must

1. Know yourself

(i.e.) be familiar with the information to be protected, and the systems that store,
transport and process it.

2. Know the threats you face

To make sound decisions about information security, management must be
informed about the various threats facing the organization, its applications, data and information
systems.

A threat is an object, person, or other entity that represents a constant danger to an asset.

2.3.1 Threats to Information Security

Categories of threat                       -- Examples

Acts of human error or failure             -- Accidents, employee mistakes
Compromises to intellectual property       -- Piracy, copyright infringement
Deliberate acts of espionage or trespass   -- Unauthorized access and/or data collection
Deliberate acts of information extortion   -- Blackmail or information disclosure
Deliberate acts of sabotage or vandalism   -- Destruction of systems or information
Deliberate acts of theft                   -- Illegal confiscation of equipment or information
Deliberate software attacks                -- Viruses, worms, macros, denial-of-service
Forces of nature                           -- Fire, flood, earthquake, lightning
Deviations in quality of service           -- ISP, power, or WAN service providers
Technical hardware failures or errors      -- Equipment failure
Technical software failures or errors      -- Bugs, code problems, unknown loopholes
Technological obsolescence                 -- Antiquated or outdated technologies

2.3.2 Threats

1. Acts of Human Error or Failure:

• Acts performed without intent or malicious purpose by an authorized user.

• Caused by inexperience, improper training, or the making of incorrect assumptions.

One of the greatest threats to an organization’s information security is the organization’s own
employees.

• Entry of erroneous data

• Accidental deletion or modification of data

• Storage of data in unprotected areas

• Failure to protect information can be prevented with

- Training

- Ongoing awareness activities

- Verification by a second party

- Many military applications have robust, dual-approval controls built in.

2. Compromises to Intellectual Property

• Intellectual property is defined as the ownership of ideas and control over the tangible or
virtual representation of those ideas.

• Intellectual property includes trade secrets, copyrights, trademarks, and patents.

• Once intellectual property has been defined and properly identified, breaches to IP constitute a
threat to the security of this information.

• An organization purchases or leases the IP of other organizations.

• The most common IP breach is the unlawful use or duplication of software-based intellectual
property, more commonly known as software piracy.

• Software piracy affects the world economy.

• The U.S. provides approximately 80% of the world’s software.

In addition to the laws surrounding software piracy, two watchdog organizations
investigate allegations of software abuse.

1. Software and Information Industry Association (SIIA)

(i.e.) Software Publishers Association

2. Business Software Alliance (BSA)

• Another effort to combat (take action against) piracy is the online registration process.

3. Deliberate Acts of Espionage or Trespass

• Electronic and human activities that can breach the confidentiality of information.

• When an unauthorized individual gains access to the information an organization is
trying to protect, the act is categorized as espionage or trespass.

• Attackers can use many different methods to access the information stored in an information
system.

1. Competitive intelligence [use of a web browser to get information from market research]

2. Industrial espionage (spying)

3. Shoulder surfing (ATM)

Trespass

• Can lead to unauthorized real or virtual actions that enable information gatherers to enter
premises or systems they have not been authorized to enter.

• Sound principles of authentication & authorization can help organizations protect valuable
information and systems.

• Hackers -> “People who use and create computer software to gain access to information
illegally”

• There are generally two skill levels among hackers.

• Expert hackers -> Masters of several programming languages, networking protocols, and
operating systems.

• Unskilled hackers

4. Deliberate Acts of Information Extortion (obtain by force or threat)

• Possibility of an attacker or trusted insider stealing information from a computer system and
demanding compensation for its return or for an agreement not to disclose the information.

5. Deliberate Acts of Sabotage or Vandalism

• Destroy an asset or

• Damage the image of the organization

• Cyber terrorism: cyber terrorists hack systems to conduct terrorist activities through network or
Internet pathways.

6. Deliberate Acts of Theft

• The illegal taking of another’s property is a constant problem.

• Within an organization, property can be physical, electronic, or intellectual.

• Physical theft can be controlled by installation of alarm systems and by trained security
professionals.

• Electronic theft control is under research.

7. Deliberate Software Attacks

 Caused by malicious code, also called malicious software or sometimes malware.

 These software components are designed to damage, destroy or deny service to the target
system.

 More common instances are

 Virus, Worms, Trojan horses, Logic bombs, Backdoors.

 The British Internet Service Provider Cloudnine is believed to be the first business “hacked out of
existence”.

7.1 Virus

 Segments of code that perform malicious actions.

 Virus transmission occurs at the opening of e-mail attachment files.

 Macro virus-> Embedded in automatically executing macro code common in word processors,
spreadsheets and database applications.
 Boot Virus-> Infects the key operating files located in the computer’s boot sector.

7.2 Worms

 A worm is a malicious program that replicates itself constantly, without requiring another
program to provide a safe environment for replication.
 Worms can continue replicating themselves until they completely fill available resources, such
as memory, hard drive space, and network bandwidth.
 Eg: MS-Blaster, MyDoom and Netsky are multifaceted attack worms.
 Once the worm has infected a computer, it can redistribute itself to all e-mail addresses found
on the infected system.
 Furthermore, a worm can deposit copies of itself onto all Web servers that the infected
systems can reach, so that users who subsequently visit those sites become infected.

7.3 Trojan Horses

 Are software programs that hide their true nature and reveal their designed behavior only when
activated.

Trojan horse arrives via E-mail or software such as free games -> Trojan horse is activated when
the software or attachment is executed -> Trojan horse releases its payload, monitors computer
activity, installs back door, or transmits information to hacker

Figure 7.3.1 Trojan horse Attack

7.4 Back Door or Trap Door

 A Virus or Worm has a payload that installs a backdoor or trapdoor component in a
system, which allows the attacker to access the system at will with special privileges.

Eg: Back Orifice

Polymorphism

 A Polymorphic threat is one that changes its apparent shape over time, making it
undetectable by techniques that look for preconfigured signatures.

 These viruses and Worms actually evolve, changing their size, and appearance to elude
detection by antivirus software programs.

7.5 Virus & Worm Hoaxes

Types of Trojans

 Data Sending Trojans

 Proxy Trojans

 FTP Trojans

 Security software disabler Trojans

 Denial of service attack Trojans (DOS)

Virus

 A program or piece of code that is loaded onto your computer without your
knowledge and runs against your wishes.

Worm

 A program or algorithm that replicates itself over a computer network and usually
performs malicious actions.

Trojan Horse

 A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do
not replicate themselves.

Blended threat

 Blended threats combine the characteristics of virus, worm, Trojan horses & malicious code
with server and Internet Vulnerabilities.

Antivirus Program

 A utility that searches a hard disk for viruses and removes any that are found.

7.8 Forces of Nature

 Fire: Structural fire that damages the building. Also encompasses smoke damage from a fire or
water damage from sprinkler systems.
 Flood: Can sometimes be mitigated with flood insurance and/or business interruption insurance.
 Earthquake: Can sometimes be mitigated with specific casualty insurance and/or business
interruption insurance, but is usually a separate policy.
 Lightning: An abrupt, discontinuous natural electric discharge in the atmosphere.
 Landslide/Mudslide: The downward sliding of a mass of earth & rocks directly damaging all
parts of the information systems.
 Tornado/Severe Windstorm
 Hurricane/Typhoon
 Tsunami
 Electrostatic Discharge (ESD)
 Dust Contamination
Since it is not possible to avoid force of nature threats, organizations must implement controls
to limit damage.

 They must also prepare contingency plans for continued operations, such as disaster recovery plans,
business continuity plans, and incident response plans, to limit losses in the face of these threats.

7.9 Deviations in Quality of Service

 A product or service is not delivered to the organization as expected.


 The Organization’s information system depends on the successful operation of many
interdependent support systems.
 It includes power grids, telecom networks, parts suppliers, service vendors, and even the janitorial
staff & garbage haulers.
 This degradation of service is a form of availability disruption.

Internet Service Issues

 Internet Service Provider (ISP) failures can considerably undermine the availability of information.
 The web hosting services are usually arranged with an agreement providing minimum service
levels known as a Service Level Agreement (SLA).
 When a service provider fails to meet the SLA, the provider may accrue fines to cover losses incurred
by the client, but these payments seldom cover the losses generated by the outage.

Communications & Other Service Provider Issues

 Other utility services that can affect organizations are telephone, water, waste water, trash pickup,
cable television, natural or propane gas, and custodial services.
 The loss of these services can impair the ability of an organization to function.
 For example, if the waste water system fails, an organization might be prevented from allowing
employees into the building.
 This would stop normal business operations.

Power Irregularities

 Fluctuations due to power excesses.


 Power shortages &
 Power losses

This can pose problems for organizations that provide inadequately conditioned
power for their information systems equipment.

 When voltage levels spike (experience a momentary increase) or surge (experience a prolonged
increase), the extra voltage can severely damage or destroy equipment.
 The more expensive uninterruptible power supply (UPS) can protect against spikes and surges.

7.10 Technical Hardware Failures or Errors

 Resulting in unreliable service or lack of availability


 Some errors are terminal, in that they result in unrecoverable loss of equipment.
 Some errors are intermittent, in that they result in faults that are not easily repeated.

7.11 Technical software failures or errors

 This category involves threats that come from purchasing software with unknown, hidden faults.
 Large quantities of computer code are written, debugged, published, and sold before all their bugs
are detected and resolved.
 These failures range from bugs to untested failure conditions.

7.12 Technological obsolescence

 Outdated infrastructure can lead to unreliable and untrustworthy systems.


 Management must recognize that when technology becomes outdated, there is a risk of loss of
data integrity from attacks.

2.4 ATTACKS

 An attack is an act or action that takes advantage of a vulnerability to compromise a
controlled system.
 It is accomplished by a threat agent that damages or steals an organization’s information
or physical asset.
 A vulnerability is an identified weakness in a controlled system, where controls are not present or
are no longer effective.
 Attacks exist when a specific act or action comes into play and may cause a potential loss.

2.4.1 Malicious code

 The malicious code attack includes the execution of viruses, worms, Trojan horses, and active
Web scripts with the intent to destroy or steal information.
 The state-of-the-art malicious code attack is the polymorphic, or multivector, worm.
 These attack programs use up to six known attack vectors to exploit a variety of vulnerabilities in
commonly found information system devices.

2.4.2 Attack Replication Vectors

1. IP scan & attack

2. Web browsing

3. Virus

4. Unprotected shares

5. Mass mail

6. Simple Network Management Protocol (SNMP)

1. IP scan & attack

 The infected system scans a random or local range of IP addresses and targets any of several
vulnerabilities known to hackers.

2. Web browsing

 If the infected system has write access to any Web pages, it makes all Web content files
(.html, .asp, .cgi & others) infectious, so that users who browse to those pages become infected.

3. Virus

 Each infected machine infects certain common executable or script files on all computers to which
it can write with virus code that can cause infection.

4. Unprotected shares

 Using vulnerabilities in file systems and the way many organizations configure them, the infected
machine copies the viral component to all locations it can reach.

5. Mass Mail

 By sending E-mail infections to addresses found in the address book, the infected machine infects
many users, whose mail-reading programs also automatically run the program & infect other
systems.

6. Simple Network Management Protocol (SNMP)

 By using the widely known and common passwords that were employed in early versions of this
protocol, the attacking program can gain control of the device. Most vendors have closed these
vulnerabilities with software upgrades.

2.4.3 Examples

Hoaxes

 A more devious approach to attacking the computer systems is the transmission of a virus hoax with
a real virus attached.
 Even though these users are trying to avoid infection, they end up sending the attack on to their
co-workers.

Backdoors

 Using a known or previously unknown and newly discovered access mechanism, an attacker
can gain access to a system or network resource through a back door.
 Sometimes these entries are left behind by system designers or maintenance staff, and thus
referred to as trap doors.
 A trap door is hard to detect, because very often the programmer who puts it in place also makes the
access exempt from the usual audit logging features of the system.

Password Crack

 Attempting to reverse calculate a password is often called cracking.
 A guessed password can be hashed using the same algorithm and compared to the hashed results. If they
are the same, the password has been cracked.
 The Security Account Manager (SAM) file contains the hashed representation of the
user’s password.

Brute Force

 The application of computing & network resources to try every possible combination of options of
a password is called a brute force attack.
 Because this is often an attempt to repeatedly guess passwords to commonly used accounts, it is
sometimes called a password attack.

Spoofing

 It is a technique used to gain unauthorized access to computers, wherein the intruder sends
messages to a computer with a source IP address that indicates that the messages are coming from a
trusted host.

Original IP packet (from hacker’s system):
Data: Payload | IP source: 192.168.0.25 | IP destination: 100.0.0.75

Spoofed (modified) IP packet:
Data: Payload | IP source: 100.0.0.80 | IP destination: 100.0.0.75

Hacker modifies source address to spoof firewall -> Spoofed packet sent to target -> Firewall
allows packet in, mistaking it for legitimate traffic

Figure 2.4.3.1 IP spoofing
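
The firewall in the figure fails because it trusts the source address alone. The following added example (not part of the original notes) contrasts that check with an interface-aware anti-spoofing filter. The 100.0.0.0/24 internal range, the interface names and the sample packets are assumptions built around the figure's addresses.

```python
"""Anti-spoofing filtering for the scenario in Figure 2.4.3.1 (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: the protected network is 100.0.0.0/24, chosen so that it holds
# both addresses from the figure (trusted host 100.0.0.80, target 100.0.0.75).
INTERNAL_NET = ip_network("100.0.0.0/24")
TRUSTED_HOSTS = {ip_address("100.0.0.80")}

# Source ranges that must never arrive on the outside interface.
BOGON_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "127.0.0.0/8",                                     # loopback
    "169.254.0.0/16",                                  # link-local
)]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str  # interface the packet arrived on: "outside" or "inside"


def naive_filter(pkt: Packet) -> str:
    """The weak check from the figure: trust is based on source address only."""
    return "ALLOW" if ip_address(pkt.src) in TRUSTED_HOSTS else "DROP"


def ingress_filter(pkt: Packet) -> tuple:
    """Return (verdict, reason), checking the arrival interface before trust."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if pkt.iface == "outside":
        # An internal address can never legitimately arrive from outside.
        if src in INTERNAL_NET:
            return ("DROP", "internal source address arrived on outside interface")
        if any(src in net for net in BOGON_NETS):
            return ("DROP", "non-routable source address on outside interface")
        return ("DROP", "external source is not on the allow list")
    if pkt.iface == "inside":
        # Egress side: do not forward sources that are not ours.
        if src not in INTERNAL_NET:
            return ("DROP", "inside interface sent a source outside the internal range")
        if src in TRUSTED_HOSTS and dst in INTERNAL_NET:
            return ("ALLOW", "trusted host on the expected interface")
        return ("DROP", "source is not a trusted host")
    return ("DROP", "unknown interface")


# Constructed sample packets based on the addresses in the figure.
SAMPLE_PACKETS = [
    Packet("192.168.0.25", "100.0.0.75", "outside"),  # original packet
    Packet("100.0.0.80", "100.0.0.75", "outside"),    # spoofed packet
    Packet("100.0.0.80", "100.0.0.75", "inside"),     # genuine trusted host
]


def evaluate(packets):
    """Run both filters over the packets and return comparable rows."""
    return [(p.src, p.iface, naive_filter(p), ingress_filter(p)[0]) for p in packets]


if __name__ == "__main__":
    for row in evaluate(SAMPLE_PACKETS):
        print(row)
```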

Dictionary

 This is another form of the brute force attack noted above for guessing passwords.
 The dictionary attack narrows the field by selecting specific accounts to attack and uses a list of
commonly used passwords instead of random combinations.
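
The Password Crack, Brute Force and Dictionary passages above all rely on hashing guesses and comparing them with a stored hash, or on unlimited guessing against an account. The following added example (not part of the original notes) shows the two usual defences: a salted, deliberately slow hash for storage and a lockout counter on failed logins. The iteration count, thresholds and sample passwords are assumptions.

```python
"""Salted password storage plus login throttling (added example)."""
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumption: PBKDF2 work factor, tune to your hardware
MAX_FAILURES = 5       # assumption: failures allowed inside the window
WINDOW_SECONDS = 300   # assumption: sliding window for counting failures


def unsalted_sha256(password: str) -> str:
    """Weak scheme: one fast, unsalted hash. Equal passwords give equal hashes,
    so a single hashed guess can be compared against every stored record."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted, slow hash stored as 'pbkdf2_sha256$iterations$salt$digest'."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class LoginThrottle:
    """Counts recent failed logins per account inside a sliding window."""

    def __init__(self):
        self._failures = {}  # account -> list of failure timestamps

    def is_locked(self, account: str, now: float) -> bool:
        recent = [t for t in self._failures.get(account, [])
                  if now - t < WINDOW_SECONDS]
        self._failures[account] = recent  # drop expired entries
        return len(recent) >= MAX_FAILURES

    def record_failure(self, account: str, now: float) -> None:
        self._failures.setdefault(account, []).append(now)


def login(account, password, stored, throttle, now):
    """Return 'locked', 'ok' or 'denied' for one login attempt."""
    if throttle.is_locked(account, now):
        return "locked"  # refuse before doing any hash work
    if verify_password(password, stored):
        return "ok"
    throttle.record_failure(account, now)
    return "denied"


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    pw = "Summer2024!"
    print(unsalted_sha256(pw) == unsalted_sha256(pw))  # identical records
    print(hash_password(pw) == hash_password(pw))      # salts make them differ
```

Account lockout can itself be used to keep a legitimate user out, so it is commonly paired with per-source rate limiting.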

Denial-of-Service (DOS) & Distributed Denial-of-Service (DDOS)

 The attacker sends a large number of connection or information requests to a target.
 This may result in the system crashing, or simply becoming unable to perform ordinary functions.
 DDOS is an attack in which a coordinated stream of requests is launched against a target from
many locations at the same time.

Man-in-the –Middle

 Otherwise called a TCP hijacking attack.
 An attacker monitors packets from the network, modifies them, and inserts them back into the
network.
 This type of attack uses IP spoofing.
 It allows the attacker to change, delete, reroute, add, forge or divert data.
 In a TCP hijacking session, the spoofing involves the interception of an encryption key exchange.

SPAM

 Spam is unsolicited commercial E-mail.

 It has been used to make malicious code attacks more effective.


 Spam is considered a trivial nuisance rather than an attack.
 It wastes both computer and human resources through the flow of unwanted e-mail.

Mail Bombing

 Another form of e-mail attack that is also a DOS is called a mail bomb.
 Attacker routes large quantities of e-mail to the target.
 The target of the attack receives unmanageably large volumes of unsolicited e-mail.
 By sending large e-mails, attackers can take advantage of poorly configured e-mail systems on the
Internet and trick them into sending many e-mails to an address chosen by the attacker.
 The target e-mail address is buried under thousands or even millions of unwanted e-mails.

Sniffers

 A sniffer is a program or device that can monitor data traveling over a network.
 Unauthorized sniffers can be extremely dangerous to a network’s security, because they
are virtually impossible to detect and can be inserted almost anywhere.
 Sniffers often work on TCP/IP networks, where they are sometimes called “packet
sniffers”.

Social Engineering

 It is the process of using social skills to convince people to reveal access credentials or other
valuable information to the attacker.
 An attacker gets more information by calling others in the company and asserting his/her
authority by mentioning chief’s name.

Buffer Overflow

 A buffer overflow is an application error that occurs when more data is sent to a buffer than it can
handle.
 Attacker can make the target system execute instructions.

Timing Attack

 Works by exploring the contents of a web browser’s cache.


 These attacks allow a Web designer to create a malicious form of cookie, that is stored on
the client’s system.
 The cookie could allow the designer to collect information on how to access password-protected
sites.

2.5 LEGAL, ETHICAL, AND PROFESSIONAL ISSUES IN INFORMATION SECURITY

2.5.1 Law and Ethics in Information Security

 Laws are rules that mandate or prohibit certain behavior in society; they are drawn from ethics,
which define socially acceptable behaviors. The key difference between laws and ethics is that laws
carry the sanctions of a governing authority and ethics do not. Ethics in turn are based on cultural
mores.
 Types of Law

 Civil law

 Criminal law

 Tort law
 Private law

 Public law

2.5.2 Relevant U.S. Laws – General

 Computer Fraud and Abuse Act of 1986


 National Information Infrastructure Protection Act of 1996
 USA Patriot Act of 2001
 Telecommunications Deregulation and Competition Act of 1996
 Communications Decency Act (CDA)
 Computer Security Act of 1987

Privacy

 The issue of privacy has become one of the hottest topics in information
 The ability to collect information on an individual, combine facts from separate sources, and merge
it with other information has resulted in databases of information that were previously impossible
to set up
 The aggregation of data from multiple sources permits unethical organizations to build databases of
facts with frightening capabilities

Privacy of Customer Information

 Privacy of Customer Information Section of Common Carrier Regulations


 Federal Privacy Act of 1974
 The Electronic Communications Privacy Act of 1986
 The Health Insurance Portability & Accountability Act Of 1996 (HIPAA) also known as the
Kennedy-Kassebaum Act
 The Financial Services Modernization Act or Gramm-Leach-Bliley Act of 1999

Table 2.5.2.1 Key U.S. Laws of Interest to Information Security Professionals

ACT | SUBJECT | DATE | DESCRIPTION
Communications Act of 1934, updated by Telecommunications Deregulation & Competition Act | Telecommunications | 1934 | Regulates interstate and foreign telecommunications.
Computer Fraud & Abuse Act | Threats to computers | 1986 | Defines and formalizes laws to counter threats from computer related acts and offenses.
Computer Security Act of 1987 | Federal Agency Information Security | 1987 | Requires all federal computer systems that contain classified information to have surety plans in place, and requires periodic security training for all individuals who operate, design, or manage such systems.
Economic Espionage Act of 1996 | Trade secrets | 1996 | Designed to prevent abuse of information gained by an individual working in one company and employed by another.
Electronic Communications Privacy Act of 1986 | Cryptography | 1986 | Also referred to as the Federal Wiretapping Act; regulates interception and disclosure of electronic information.
Federal Privacy Act of 1974 | Privacy | 1974 | Governs federal agency use of personal information.
Gramm-Leach-Bliley Act of 1999 | Banking | 1999 | Focuses on facilitating affiliation among banks, insurance and securities firms; it has significant impact on the privacy of personal information used by these industries.
Health Insurance Portability and Accountability Act | Health care privacy | 1996 | Regulates collection, storage, and transmission of sensitive personal health care information.
National Information Infrastructure Protection Act of 1996 | Criminal intent | 1996 | Categorized crimes based on defendant’s authority to access computer and criminal intent.
Sarbanes-Oxley Act of 2002 | Financial Reporting | 2002 | Affects how public organizations and accounting firms deal with corporate governance, financial disclosure, and the practice of public accounting.
Security and Freedom through Encryption Act of 1999 | Use and sale of software that uses or enables encryption | 1999 | Clarifies use of encryption for people in the United States and permits all persons in the U.S. to buy or sell any encryption product and states that the government cannot require the use of any kind of key escrow system for encryption products.
U.S.A. Patriot Act of 2001 | Terrorism | 2001 | Defines stiffer penalties for prosecution of terrorist crimes.

Export and Espionage Laws

 Economic Espionage Act (EEA) of 1996
 Security and Freedom Through Encryption Act of 1997 (SAFE)

US Copyright Law

 Intellectual property is recognized as a protected asset in the US


 US copyright law extends this right to the published word, including electronic formats
 Fair use of copyrighted materials includes
- the use to support news reporting, teaching, scholarship, and a number of other related
permissions
- the purpose of the use has to be for educational or library purposes, not for profit, and should
not be excessive

Freedom of Information Act of 1966 (FOIA)

 The Freedom of Information Act provides any person with the right to request access to federal
agency records or information, not determined to be of national security

- US Government agencies are required to disclose any requested information on receipt of a
written request

 There are exceptions for information that is protected from disclosure, and the Act does not apply
to state or local government agencies or to private businesses or individuals, although many states
have their own version of the FOIA

State & Local Regulations


 In addition to the national and international restrictions placed on an organization in the use of
computer technology, each state or locality may have a number of laws and regulations that impact
operations

 It is the responsibility of the information security professional to understand state laws and
regulations and ensure the organization’s security policies and procedures comply with those laws
and regulations

2.5.3 International Laws and Legal Bodies

 Recently the Council of Europe drafted the European Council Cyber-Crime Convention, designed

- to create an international task force to oversee a range of security functions associated with
Internet activities,
- to standardize technology laws across international borders
 It also attempts to improve the effectiveness of international investigations into breaches of
technology law
 This convention is well received by advocates of intellectual property rights with its emphasis
on copyright infringement prosecution

Digital Millennium Copyright Act (DMCA)

 The Digital Millennium Copyright Act (DMCA) is the US version of an international effort to
reduce the impact of copyright, trademark, and privacy infringement
 The European Union Directive 95/46/EC increases protection of individuals with regard to the
processing of personal data and limits the free movement of such data
 The United Kingdom has already implemented a version of this directive called the Database
Right

United Nations Charter


 To some degree the United Nations Charter provides provisions for information security during
Information Warfare
 Information Warfare (IW) involves the use of information technology to conduct offensive
operations as part of an organized and lawful military operation by a sovereign state
 IW is a relatively new application of warfare, although the military has been conducting electronic
warfare and counter-warfare operations for decades, jamming, intercepting, and spoofing enemy
communications

Policy Versus Law

 Most organizations develop and formalize a body of expectations called policy


 Policies function in an organization like laws
 For a policy to become enforceable, it must be:
- Distributed to all individuals who are expected to comply with it
- Readily available for employee reference
- Easily understood with multi-language translations and translations for visually impaired, or
literacy-impaired employees
- Acknowledged by the employee, usually by means of a signed consent form
 Only when all conditions are met, does the organization have a reasonable expectation of effective
policy

2.5.4 Ethical Concepts in Information Security

Cultural Differences in Ethical Concepts

 Differences in cultures cause problems in determining what is ethical and what is not ethical
 Studies of ethical sensitivity to computer use reveal different nationalities have different
perspectives

 Difficulties arise when one nationality’s ethical behavior contradicts that of another
national group

Ethics and Education

 Employees must be trained and kept aware of a number of topics related to information security,
not the least of which is the expected behaviors of an ethical employee
 This is especially important in areas of information security, as many employees may not have the
formal technical training to understand that their behavior is unethical or even illegal
 Proper ethical and legal training is vital to creating an informed, well prepared, and low-risk
system user

Deterrence to Unethical and Illegal Behavior

 Deterrence - preventing an illegal or unethical activity


 Laws, policies, and technical controls are all examples of deterrents
 Laws and policies only deter if three conditions are present:
- Fear of penalty
- Probability of being caught
- Probability of penalty being administered
Computer Security – Overview

Computer security refers to protecting and securing computers and their related data, networks, software,
hardware from unauthorized access, misuse, theft, information loss, and other security issues. The Internet has
made our lives easier and has provided us with lots of advantages but it has also put our system’s security at
risk of being infected by a virus, of being hacked, information theft, damage to the system, and much more.

Technology is growing day by day and the entire world is in its grasp. We cannot imagine even a day without
electronic devices around us. With the use of this growing technology, invaders, hackers and thieves are trying
to harm our computer’s security for monetary gains, recognition purposes, ransom demands, bullying others,
invading into other businesses, organizations, etc. In order to protect our system from all these risks, computer
security is important.

Three key objectives that are at the heart of computer security:

1. Confidentiality: Preserving authorized restrictions on information access and disclosure, including means
for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized
disclosure of information. This term covers two related concepts:

 Data confidentiality: Assures that private or confidential information is not made available or disclosed
to unauthorized individuals.
 Privacy: Assures that individuals control or influence what information related to them may be
collected and stored and by whom and to whom that information may be disclosed.

2. Integrity: Guarding against improper information modification or destruction, including ensuring
information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction
of information. This term covers two related concepts:

 Data integrity: Assures that information (both stored and in transmitted packets) and programs are
changed only in a specified and authorized manner.

 System integrity: Assures that a system performs its intended function in an unimpaired manner, free
from deliberate or inadvertent unauthorized manipulation of the system.

3. Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the
disruption of access to or use of information or an information system. Availability assures that systems work
promptly and service is not denied to authorized users.

Types of computer security

Computer security can be classified into four types:

1. Cyber Security: Cyber security means securing our computers, electronic devices, networks, programs and
systems from cyber attacks. Cyber attacks are those attacks that happen when our system is connected to the
Internet.

2. Information Security: Information security means protecting our system’s information from theft, illegal
use and piracy from unauthorized use. Information security has mainly three objectives: confidentiality,
integrity, and availability of information.

3. Application Security: Application security means securing our applications and data so that they don’t get
hacked and also the databases of the applications remain safe and private to the owner itself so that user’s data
remains confidential.

4. Network Security: Network security means securing a network and protecting the information of the users
who are connected through that network. Over the network, hackers steal packets of data through sniffing
and spoofing attacks, man-in-the-middle attacks, war driving, etc., and misuse the data for their benefit.

Types of cyber attack

1. Denial of service attack or DOS: A denial of service attack is a kind of cyber attack in which the attackers
disrupt the services of a particular network by sending infinite requests, temporarily or permanently
making the network or machine resources unavailable to the intended audience.

2. Backdoor: In a backdoor attack, malware, a Trojan horse or a virus gets installed in our system and starts
affecting its security along with the main file. Consider an example: suppose you are installing free software
from a certain website on the Internet. Unknowingly, along with this software, a malicious file also gets
installed, and as soon as you execute the installed software, the malware in that file is activated and starts
affecting your computer security. This is known as a backdoor.

3. Eavesdropping: Eavesdropping refers to secretly listening to someone’s talk without their permission or
knowledge. Attackers try to steal, manipulate, modify or hack information or systems by passively listening to
network communication, learning passwords, etc. As a physical example, suppose you are talking to
another person in your organization and a third person listens to your private talk; he or she is said to
eavesdrop on your conversation. Similarly, your conversation on the Internet may be eavesdropped on by attackers
who listen to your private conversation by connecting to your network if it is insecure.

4. Phishing: Phishing is pronounced as “fishing” and works in a similar way. While fishing, we
catch fish by luring them with bait. Similarly, in phishing, a user is tricked by the attacker, who gains the trust
of the user or acts as if he is a genuine person and then steals the information by deception. Besides individual
attackers, some websites seem to be genuine but are actually fraudulent sites. These sites trick users, who
end up giving away personal information such as login details, bank details or card numbers.
Phishing is of many types: voice phishing, text phishing, etc.

5. Spoofing: Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP
address or username), in order to gain access to information or resources that one is otherwise unauthorized to
obtain. Spoofing is of several types: email spoofing, IP address spoofing, MAC spoofing, biometric spoofing,
etc.

6. Malware: Malware is made up of two terms: Malicious + Software = Malware. Malware intrudes into the
system and is designed to damage our computers. Different types of malware are adware, spyware,
ransomware, Trojan horse, etc.

7. Social engineering: A social engineering attack involves manipulating users psychologically and
extracting confidential or sensitive data from them by gaining their trust. The attacker generally exploits the
trust of people or users by relying on their cognitive biases.

8. Polymorphic Attacks: Poly means “many” and morph means “form”, polymorphic attacks are those in
which attacker adopts multiple forms and changes them so that they are not recognized easily. These kinds of
attacks are difficult to detect due to their changing forms.

Steps to ensure computer security

In order to protect our system from the above-mentioned attacks, users should take certain steps to ensure
system security:

1. Always keep your Operating System up to date. Keeping it up to date reduces the risk of its getting
attacked by malware, viruses, etc.

2. Always use a secure network connection. One should always connect to a secure network. Public Wi-Fi and
unsecured networks should be avoided as they are at risk of being attacked by the attacker.

3. Always install an Antivirus and keep it up to date. An antivirus is software that scans your PC against
viruses and isolates the infected file from other system files so that they don’t get affected. Also, we should try
to go for paid anti-viruses as they are more secure.

4. Enable firewall. A firewall is a system designed to prevent unauthorized access to/from a computer or even
to a private network of computers. A firewall can be either in hardware, software or a combination of both.

5. Use strong passwords. Always make strong passwords and different passwords for all social media accounts
so that they cannot be key logged, brute forced or detected easily using dictionary attacks. A strong password is
one that has 16 characters which are a combination of upper case and lower case alphabets, numbers and
special characters. Also, keep changing your passwords regularly.

6. Don’t trust someone easily. You never know someone’s intention, so don’t trust someone easily and end up
giving your personal information to them. You don’t know how they are going to use your information.

7. Keep your personal information hidden. Don’t post all your personal information on social media. You
never know who is spying on you. As in the real world, we try to avoid talking to strangers and sharing
anything with them. Similarly, social media also have people whom you don’t know and if you share all your
information on it you may end up troubling yourself.

8. Don’t download attachments that come along with e-mails unless and until you know that the e-mail is from a
genuine source. Mostly, these attachments contain malware which, upon execution, infects or harms your
system.

9. Don’t purchase things online from anywhere. Make sure whenever you are shopping online you are doing so
from a well-known website. There are multiple fraud websites that may steal your card information as soon as
you checkout and you may get bankrupt by them.

10. Learn about computer security and ethics. You should be well aware of the safe computing and ethics of
the computing world. Gaining appropriate knowledge is always helpful in reducing cyber-crime.

11. If you are attacked, immediately inform the cyber cell so that they may take appropriate action and also
protect others from getting attacked by the same person. Don’t hesitate to complain just because you think
people may make fun of you.

12. Don’t use pirated content. Often, people try to download pirated movies, videos or web series in order to
get them for free. Such pirated content is at major risk of being infected with viruses, worms, or malware,
and when you download it you end up compromising your system security.

Access control matrix

In computer science, an access control matrix or access matrix is an abstract, formal security model of
protection state in computer systems, that characterizes the rights of each subject with respect to every object in
the system. It was first introduced by Butler W. Lampson in 1971.[1]

An access matrix can be envisioned as a rectangular array of cells, with one row per subject and one column
per object. The entry in a cell – that is, the entry for a particular subject-object pair – indicates the access mode
that the subject is permitted to exercise on the object. Each column is equivalent to an access control list for the
object; and each row is equivalent to an access profile for the subject.[2]

Definition

According to the model, the protection state of a computer system can be abstracted as a set of objects ,
that is the set of entities that needs to be protected (e.g. processes, files, memory pages) and a set of subjects

, that consists of all active entities (e.g. users, processes). Further there exists a set of rights of the

form , where , and . A right thereby specifies the kind of access a subject is allowed to
process object.

Example

In this matrix example there exist two processes, two assets, a file, and a device. The first process is the owner
of asset 1, has the ability to execute asset 2, read the file, and write some information to the device, while the
second process is the owner of asset 2 and can read asset 1.

         | Asset 1                   | Asset 2                   | File | Device
Role 1   | read, write, execute, own | execute                   | read | write
Role 2   | read                      | read, write, execute, own |      |

Utility

Because it does not define the granularity of protection mechanisms, the Access Control Matrix can be used as
a model of the static access permissions in any type of access control system. It does not model the rules by
which permissions can change in any particular system, and therefore only gives an incomplete description of
the system's access control security policy.

An Access Control Matrix should be thought of only as an abstract model of permissions at a given point in
time; a literal implementation of it as a two-dimensional array would have excessive memory requirements.
Capability-based security and access control lists are categories of concrete access control mechanisms whose
static permissions can be modeled using Access Control Matrices. Although these two mechanisms have
sometimes been presented (for example in Butler Lampson's Protection paper) as simply row-based and
column-based implementations of the Access Control Matrix, this view has been criticized as drawing a
misleading equivalence between systems that does not take into account dynamic behaviour.
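
The matrix from the Example section, as an added Python sketch (not part of the original notes; `AccessMatrix` and its method names are hypothetical). It stores only the non-empty cells instead of a full two-dimensional array, and derives each object's ACL (column) and each subject's capability list (row) from the same data.

```python
# Added illustration: sparse access control matrix with column and row views.
RIGHTS = frozenset({"read", "write", "execute", "own"})


class AccessMatrix:
    def __init__(self):
        # Only non-empty cells are stored, keyed by (subject, object).
        self._cells = {}

    def grant(self, subject, obj, *rights):
        unknown = set(rights) - RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        if rights:
            self._cells.setdefault((subject, obj), set()).update(rights)

    def revoke(self, subject, obj, right):
        cell = self._cells.get((subject, obj))
        if cell is None:
            return
        cell.discard(right)
        if not cell:
            # Drop empty cells so the ACL and capability views stay clean.
            del self._cells[(subject, obj)]

    def allowed(self, subject, obj, right):
        # Default deny: a missing cell means the subject has no rights.
        return right in self._cells.get((subject, obj), ())

    def acl(self, obj):
        """Column view: every subject with rights on `obj`."""
        return {s: frozenset(r) for (s, o), r in self._cells.items() if o == obj}

    def capabilities(self, subject):
        """Row view: every object `subject` holds rights on."""
        return {o: frozenset(r) for (s, o), r in self._cells.items() if s == subject}

    def stored_cells(self):
        return len(self._cells)


def build_page_example():
    """The Role 1 / Role 2 matrix from the Example table."""
    m = AccessMatrix()
    m.grant("Role 1", "Asset 1", "read", "write", "execute", "own")
    m.grant("Role 1", "Asset 2", "execute")
    m.grant("Role 1", "File", "read")
    m.grant("Role 1", "Device", "write")
    m.grant("Role 2", "Asset 1", "read")
    m.grant("Role 2", "Asset 2", "read", "write", "execute", "own")
    return m


if __name__ == "__main__":
    m = build_page_example()
    print("ACL of Asset 1:", m.acl("Asset 1"))
    print("Capabilities of Role 2:", m.capabilities("Role 2"))
    print("Role 2 may read File:", m.allowed("Role 2", "File", "read"))
    # One revocation in the matrix changes both derived views at once.
    m.revoke("Role 2", "Asset 1", "read")
    print("ACL of Asset 1 after revoke:", m.acl("Asset 1"))
```
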

Access Control Matrix and Capability List


There is often confusion about the relationship between access control matrix and capability list or access
control list when in fact these can be captured in a single image for clarity and simplicity purposes. You can
think of access control matrix as a security access table which combines ACL and user capability list to define
who can access what and to which degree. In the ACM, columns define objects and assigned privileges or
ACL, rows list users or subjects, and relationships between rows and columns define user capabilities or UCL.

Access Control Matrix


Access control matrix is a security model that protects digital resources or “objects” from unauthorized access.
It can be thought of as an array of cells, with a row for each user (“subject”) and a column for each object. An
entry in a given cell gives a specific subject’s access mode on the corresponding object. Every column represents
an object’s access list, while a row is equivalent to a subject’s access profile.

Access Control List (ACL)

ACL is a table that tells the computer system which access rights a user has to a given system file or file
directory. Every object is assigned a security attribute to establish its access control list. The ACL has a
specific entry for every system user with the related access privileges. These privileges cover the ability to
read and write a file or files and, if the file is a program or an executable file, the ability to execute it. Some
operating systems that use ACLs include Digital’s OpenVMS, Microsoft Windows NT/2000, UNIX, and
Novell’s NetWare.

Access Control Matrix vs ACL

The primary difference between the access control matrix and ACL is that the latter defines a set of privileges
attached to an object. In contrast, the control matrix outlines the subject’s access permissions on an object.
Information security is pivotal within a computerized real-time system. As such, a system implements various
measures to achieve just that. The primary criterion is user authentication, which requires the user to furnish
the system with personal details. For instance, a system may request the user to insert his username and
password to access a file. After authentication, the system will move to authorization, granting rights to the
authenticated users. They both permit users to delegate rights for third parties to access resources, information,
or systems.

User Capability List

A capability list is a key, token, or ticket that grants the possessor approval to access an object within the
computer system. The user is evaluated against a capability list before gaining access to a specific object. In
addition, a capability list is wholly transferable regardless of its administrator. Such an arrangement eradicates
the need for system authentication. Unlike capability lists, ACLs allow users to stop worrying about
authentication. Users cannot ignore authentication with a capability list because it is core to the protection
mechanism.

ACL vs Capability List

We have to use a real-life scenario to understand the difference between the two lists, and in this case, a bank
analogy. John wishes to store all his valuable items in a safe box maintained by a bank. In some cases, he
would want one or two of his trustworthy relatives to access the box to make withdrawals and deposits. The bank
can regulate access to John’s box in two ways: maintain a list of persons John has authorized to access the safe
box, or issue John one or multiple access keys to the box.

i) ACL Approach

• Bank’s role: the financial institution must have a list of account holders, verify users, and define privileges.
The entity needs to maintain the list’s integrity and authenticate access.
• Adding new users: a user must pay a visit to the bank’s branch to add more users.
• Delegation: the approved third parties cannot delegate their access rights to other parties.
• Removing users: when the holder perceives the approved third party as untrustworthy or not needed, they can
delete their names from the list.

ii) Capability Approach

• Bank’s role: the bank is not involved
• Access rights: the holder defines access rights
• Add new users: the holder can assign a key to new users
• Delegation: a third party can extend their privileges to others
• Revoke: the holder can recall his key from the third party, but it may be challenging to establish whether they
made a copy.
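
The bank analogy above, as an added Python sketch that is not part of the original notes: `AclSafeBox` models the ACL approach and `KeySafeBox` the capability approach. All names are hypothetical, identities passed to `AclSafeBox.open` are assumed to be already authenticated by the bank, and `rekey` (changing the lock) is an assumption added to show one way to make revocation effective once a key may have been copied.

```python
import hmac
import secrets


class AclSafeBox:
    """ACL approach: the bank keeps the list and checks every visitor against it."""

    def __init__(self, owner):
        self.owner = owner
        self._acl = {owner}

    def _require_owner(self, requester):
        # Only the holder may change the list, so approved third parties
        # cannot delegate their access to anyone else.
        if requester != self.owner:
            raise PermissionError(f"{requester} may not modify the list")

    def add_user(self, requester, new_user):
        self._require_owner(requester)
        self._acl.add(new_user)

    def remove_user(self, requester, user):
        self._require_owner(requester)
        if user != self.owner:
            self._acl.discard(user)

    def open(self, identity):
        # `identity` is assumed to have been authenticated by the bank.
        return identity in self._acl


class KeySafeBox:
    """Capability approach: whoever presents a matching key gets in."""

    def __init__(self):
        self._cut = secrets.token_bytes(32)  # the lock's secret "key cut"

    @classmethod
    def create(cls):
        box = cls()
        return box, box._cut  # the holder receives the first key

    def open(self, key):
        # No identity check at all: possession of the key is the right.
        return hmac.compare_digest(key, self._cut)

    def rekey(self, current_key):
        # In this toy model every key carries full rights, so any key
        # holder can change the lock.
        if not self.open(current_key):
            raise PermissionError("a valid key is required to change the lock")
        self._cut = secrets.token_bytes(32)
        return self._cut


def copy_key(key):
    # Copying a key is just copying bytes; neither John nor the bank is told.
    return bytes(key)


def run_scenario():
    results = {}

    # ACL approach: John adds Alice; Alice cannot add Bob; John removes Alice.
    acl_box = AclSafeBox(owner="john")
    acl_box.add_user("john", "alice")
    results["acl_alice_opens"] = acl_box.open("alice")
    try:
        acl_box.add_user("alice", "bob")
        results["acl_alice_delegates"] = True
    except PermissionError:
        results["acl_alice_delegates"] = False
    results["acl_bob_opens"] = acl_box.open("bob")
    acl_box.remove_user("john", "alice")
    results["acl_alice_after_removal"] = acl_box.open("alice")

    # Capability approach: John hands Alice a key; Alice copies it for Bob.
    cap_box, johns_key = KeySafeBox.create()
    alices_key = copy_key(johns_key)
    bobs_key = copy_key(alices_key)
    results["cap_bob_opens"] = cap_box.open(bobs_key)
    alices_key = None  # John recalls Alice's key; Bob's copy still exists
    results["cap_bob_after_recall"] = cap_box.open(bobs_key)
    johns_key = cap_box.rekey(johns_key)  # changing the lock voids every old key
    results["cap_bob_after_rekey"] = cap_box.open(bobs_key)
    results["cap_john_after_rekey"] = cap_box.open(johns_key)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```
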

Access Control Matrix and Capability List

A capability list is not appropriate for systems where actions are centered on users. It will result in duplications
and complicate the management of rights. Because access matrix does not explicitly define the scale of the
protection mechanism, it is often used to model static access privileges in a given access control system. It does
not represent the rules of changing rights within a system, and hence partially describes the system’s security
policy. Access control and capability-based policies are subsets of a protection mechanism, while an access
control matrix can model their static privileges.

What is the Purpose of Access Control Matrix?


An access control matrix is a table that contains both subjects and objects. Subjects usually refer to people who
may need to access objects. Objects are typically files, data, or resources that subjects may need to access.
They can also be a system process or a piece of hardware. The information contained in the matrix designates
permissions and access levels between subjects and objects. Organizations build access control matrices to
ensure authorized access and prevent intentional or unintentional unauthorized access to sensitive data.

The purpose for granting any access corresponds to the three pillars of cyber security: availability, integrity,
and confidentiality. Availability measures are those that ensure that users can access a system. Issues such as
hardware and software failures, network disconnections, and hacking can influence availability. Integrity refers
to measures that ensure that information on a system is not altered intentionally or unintentionally.
Confidentiality refers to the measures that are put in place to ensure that information is not misused and that
those who are unauthorized do not access information. System administrators usually assign rights in an access
control matrix, avoiding the possibility that others may tamper with it.

Organizations must have two sets of access control policies governing their two major assets. Physical assets
include offices, rooms, and buildings. Logical assets include digital files and resources.

How an Access Control Matrix Works

In a user permissions matrix, permissions are designated using these five commonly used attributes.

• Read (R) – Read access permits the subject to open and read the file, but not to edit it in any way.
• Write (W) – Write access allows the subject not only to read the file but also to add or write new content in
the file.
• Delete (D) – Delete permissions are higher level than write permissions. Subjects with delete or edit
permissions can delete files or content.
• Execute (E) – Execute permission allows a user to execute particular programs.
• Dash (-) – A dash in an access control matrix indicates that the subject is prohibited from accessing the object.

Security Policies

What is a security policy?

An information security policy is a formal, high-level statement or plan that embraces an organization's general
beliefs, objectives, goals, and acceptable procedures for information security. It defines a set of rules,
procedures, and policies designed to ensure that all end users and networks within an organization have IT
security and data protection security.

A security policy is basically a written document. The document consists of policies and statements that outline
how to protect the organization from attacks and threats. The members of the company should know about the
detailed, updated security policy.

Another main objective of a security policy is to preserve the integrity, confidentiality and availability of
systems and information used by the members.

Purpose of information security policy

A set of regulations that guide individuals who deal with IT assets is known as an Information Security Policy
(ISP). To ensure that your staff and other users follow security policies and processes, organizations must
adopt an information security policy.

The organization creates ISPs to:

• Make users understand how to protect the organization's confidential resources from security threats.
• Secure the credentials of their customers, such as banking information, credit card details and so forth.
• Provide access to services and key information technology assets to those who are authorized to do so.
• Provide effective and standard mechanisms to respond to complaints related to cyber security
risks such as malware, ransomware, and phishing.
• Detect the impact of compromised information assets such as misuse of network and data, mobile
devices, system information and applications.

Framework of security policy

The hierarchy of the security policy framework:

[Figure: A framework of security policy]

Security policies

There are three types of security policy defined by the management. These are:

• General or security program policy
• Issue-specific security policy
• System-specific security policy

Security Program Policy (SPP)

It is also known as a general security policy, information security policy or IT security policy. The general
security policy describes the whole organization's security objectives and its commitments for information
security policy. It is a primary document from which other security policies are derived. In addition, it specifies
the organization's compliance goals.

Issue Specific Security Policy (ISSP)

ISSP provides the guidelines for specific threats. An organization may create a security policy that focuses on
phishing attacks, malware attacks, email security, etc. There are various processes and technologies used
within the organization and therefore, specific guidelines are necessary to guarantee proper usage.

The guidelines of ISSP:

• ISSP addresses the specific areas of technologies and software.
• It requires frequent updates.
• It contains an issue statement that states the organization's position on the issue.

Three main approaches of ISSP:

• Create several independent ISSP documents.
• Create a simple comprehensive ISSP document.
• Create a modular ISSP document.

Example:

• Statement of policy.
• Violation of policy.
• Policy review and modification.
• System management.
• Prohibited uses of equipment.

System-Specific Policy (SysSP)

System-specific security policy aims to focus on the information security policies of particular systems such as
policies for customer-facing applications, payroll systems, or data archival systems. While issue-specific
policies are formalized in a written document, the system-specific security policy is defined as standards and
procedures used when configuring and maintaining the system.

Security standards

Standards sit below the level of policy in the hierarchy. Policies are strategic documents, while standards are
tactical documents that give guidance by defining the instructions or methods that provide a course of action.
Compliance with standards is necessary.

Security guidelines

It is a recommendation and practical guidance to help the staff implement standards and baselines. It targets all
levels of staff including both general users and security professionals. These guidelines are flexible in nature.

Security procedures

It is the bottom layer of the security framework. It defines all the procedures that provide step-by-step
instruction which guides the staff on how to correctly implement specific security controls.

Types of security policy

The main types of security policies are:

An organizational security policy - This security policy describes the organization's security policy as a
whole and also defines its commitment to information security. One can understand it as a parent security
policy. All the other security policies are derived from it. It also defines the organization's goals.

System-specific security policies - This security policy mainly focuses on the security policy of a particular
system. Examples are a payroll system, a data archive system and a customer-facing application.

Issue-specific security policies - This type of security policy focuses on particular issues, such as a threat or
a category of threats. For example, an organization may have a security policy on phishing attacks only, or on
some other category of threat.

Elements of security policy

There are 8 elements of a security policy:

[Figure: Elements of a security policy]

Purpose

The purpose of security policy is to create the approach of information security. It detects the information
security threats such as misuse of networks, applications, software, computer systems. It maintains the
reputation of organizations and legal responsibilities. The main purpose is to respect the customer and aims to
fulfill customer requirements.

Audience

It defines the audience to whom the IT security policy applies and identifies those audiences which are out of
the scope of the computer security policy. It defines customer requirements and statements also.

Information security objectives

Information security is a set of tools used to protect the digital and analog information. Its protection covers a
range of IT domains as well as computer security. The main guideline of information security policy is to use
tools like authentication and permissions to restrict an unauthorized user from accessing private and sensitive
information. This protection helps to prevent information theft and modification or loss. The security measures
of ISP consist of three main objectives also known as CIA.

Confidentiality

Confidentiality ensures the protection of secret and sensitive information from unauthorized users. It is a key
feature of cybersecurity policy also. It uses multi-factor authentication, encryption, strong password, and
segregation of data to maintain the access restriction. Security breaches of confidentiality occur due to human
error or malicious event. It also protects from third-party software.

Integrity

In the world of security policy, integrity defines the completeness and accuracy of the data. Integrity is
important so that no one can modify or misuse the data. Integrity ensures that the
consistency and trustworthiness of data are maintained over its whole life cycle. It also requires that data
remains unchanged during transmission. All precautionary steps should be taken by the
organization so that unauthorized users can't access confidential data.

Availability

Availability ensures that authorized users can reliably access the information. It is maintained through
continuity of access procedures, backup, and duplication of information. It ensures the maintenance of
hardware and network connections as well. When the network is attacked, a natural disaster occurs, or
client devices fail, the situation is called a loss of availability.

Authority and access control policy

This element follows the hierarchical pattern. The security policy may have different terms for a senior
manager, junior manager, or company employee. A senior manager may have the right to decide what data can
be shared and with whom. Users have unique login IDs and credentials provided by the company, which are used
for the authentication of users.

Data classification

It classifies data into categories such as top-secret data, secret data, confidential data, and public data. The
objective of classifying data is to ensure that the sensitive data is protected from individuals and private data
is protected from public access.

Data support and operations

It supports data backup, movement of data, and data protection. Data backup is a necessary security
measure: backup media are stored, and backups are moved to the cloud for further processing. Systems that store
personal data or sensitive information must be protected according to industry compliance standards.

Security awareness and behavior

It provides training programs to educate the employees regarding security procedures and mechanisms. It
follows three guidelines:

• Clean desk policy.
• Acceptable internet usage policy.
• Social engineering.

Responsibilities, rights and duties of personnel

It describes the responsibilities of company employees, appoints staff to carry out the user access reviews,
comments, and manage security incidents. Responsibilities, rights, and duties are clearly defined as part of IT
security. This is the most important requirement in Cyber security.

Security policies are a formal set of rules issued by an organization to ensure that users who are
authorized to access company technology and information assets comply with rules and guidelines related to
the security of information. A security policy is a written document that sets out how to protect
the organization from threats and how to handle them when they occur. A security policy is also
considered to be a "living document", which means that the document is never finished but is continuously
updated as technology and employee requirements change.

Need of Security policies-


1) It increases efficiency.

The best thing about having a policy is being able to increase the level of consistency, which saves time, money
and resources. The policy should inform the employees about their individual duties, telling them what
they can do and what they cannot do with the organization's sensitive information.

2) It upholds discipline and accountability

When a human mistake occurs and system security is compromised, the security policy of the
organization will back up any disciplinary action and also support a case in a court of law. The organization's
policies act as a contract which proves that the organization has taken steps to protect its intellectual property,
as well as its customers and clients.

3) It can make or break a business deal

It is not necessary for companies to provide a copy of their information security policy to other vendors during
a business deal that involves the transference of their sensitive information. This is true in the case of bigger
businesses, which ensure their own security interests are protected when dealing with smaller businesses that
have less high-end security systems in place.

4) It helps to educate employees on security literacy

A well-written security policy can also be seen as an educational document which informs the readers about
the importance of their responsibility in protecting the organization's sensitive data. It ranges from choosing
the right passwords to providing guidelines for file transfers and data storage, which increases employees'
overall awareness of security and how it can be strengthened.

We use security policies to manage our network security. Most types of security policies are automatically
created during the installation. We can also customize policies to suit our specific environment. Some
important cybersecurity policy recommendations are described below.

1. Virus and Spyware Protection policy

This policy provides the following protection:

• It helps to detect, remove, and repair the side effects of viruses and security risks by using signatures.
• It helps to detect the threats in the files which the users try to download by using reputation data from
Download Insight.
• It helps to detect the applications that exhibit suspicious behaviour by using SONAR heuristics and
reputation data.

2. Firewall Policy

This policy provides the following protection:

• It blocks unauthorized users from accessing the systems and networks that connect to the Internet.
• It detects the attacks by cybercriminals.
• It removes the unwanted sources of network traffic.

3. Intrusion Prevention policy

This policy automatically detects and blocks the network attacks and browser attacks. It also protects
applications from vulnerabilities. It checks the contents of one or more data packages and detects malware
which is coming through legal ways.

4. LiveUpdate policy

This policy can be categorized into two types one is LiveUpdate Content policy, and another is LiveUpdate
Setting Policy. The LiveUpdate policy contains the setting which determines when and how client computers
download the content updates from LiveUpdate. We can define the computer that clients contact to check for
updates and schedule when and how often client computers check for updates.

5. Application and Device Control

This policy protects a system's resources from applications and manages the peripheral devices that can attach
to a system. The device control policy applies to both Windows and Mac computers whereas application
control policy can be applied only to Windows clients.

6. Exceptions policy

This policy provides the ability to exclude applications and processes from detection by the virus and spyware
scans.

7. Host Integrity policy

This policy provides the ability to define, enforce, and restore the security of client computers to keep
enterprise networks and data secure. We use this policy to ensure that the client computers that access our
network are protected and compliant with the company's security policies. This policy requires that the client
system must have antivirus installed.

Security Standards

To make cybersecurity measures explicit, written norms are required. These norms are known as
cybersecurity standards: the generic sets of prescriptions for an ideal execution of certain measures. The
standards may involve methods, guidelines, reference frameworks, etc. Standards ensure efficiency of security,
facilitate integration and interoperability, enable meaningful comparison of measures, reduce complexity,
and provide the structure for new developments.

A security standard is "a published specification that establishes a common language, and contains a technical
specification or other precise criteria and is designed to be used consistently, as a rule, a guideline, or a
definition." The goal of security standards is to improve the security of information technology (IT) systems,
networks, and critical infrastructures. Well-written cybersecurity standards enable consistency among
product developers and serve as a reliable standard for purchasing security products.

Security standards are generally provided for all organizations regardless of their size or the industry and sector
in which they operate. This section includes information about each standard that is usually recognized as an
essential component of any cybersecurity strategy.

1. ISO

ISO stands for International Organization for Standardization. International Standards make things work.
These standards provide a world-class specification for products, services and computers, to ensure quality,
safety and efficiency. They are instrumental in facilitating international trade.

ISO was officially established on 23 February 1947. It is an independent, non-governmental
international organization. Today, it has a membership of 162 national standards bodies and 784 technical
committees and subcommittees to take care of standards development. ISO has published over 22336
International Standards and related documents, which cover almost every industry, from information
technology, to food safety, to agriculture and healthcare.

ISO 27000 Series

It is the family of information security standards which is developed by the International Organization for
Standardization and the International Electrotechnical Commission to provide a globally recognized
framework for best information security management. It helps the organization to keep their information assets
secure such as employee details, financial information, and intellectual property.

The need for the ISO 27000 series arises because of the risk of cyber-attacks that organizations face.
Cyber-attacks are growing day by day, making hackers a constant threat to any industry that uses technology.

The ISO 27000 series can be categorized into many types. They are-

ISO 27001- This standard allows an organization to prove to its clients and stakeholders that it is managing
the security of their confidential data and information as well as possible. This standard involves a
process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving our ISMS.

ISO 27000- This standard provides an explanation of terminologies used in ISO 27001.

ISO 27002- This standard provides guidelines for organizational information security standards and
information security management practices. It includes the selection, implementation, operating and
management of controls taking into consideration the organization's information security risk environment(s).

ISO 27005- This standard supports the general concepts specified in 27001. It is designed to provide the
guidelines for implementation of information security based on a risk management approach. To completely
understand ISO/IEC 27005, knowledge of the concepts, models, processes, and terminologies described
in ISO/IEC 27001 and ISO/IEC 27002 is required. This standard is applicable to all kinds of organizations such
as non-government organizations, government agencies, and commercial enterprises.

ISO 27032- It is the international Standard which focuses explicitly on cybersecurity. This Standard includes
guidelines for protecting the information beyond the borders of an organization such as in collaborations,
partnerships or other information sharing arrangements with clients and suppliers.

2. IT Act

The Information Technology Act, also known as ITA-2000 or the IT Act, mainly aims to provide the legal
infrastructure in India to deal with cybercrime and e-commerce. The IT Act is based on the United Nations
Model Law on E-Commerce 1996 recommended by the General Assembly of the United Nations. This act is also
used to check misuse of cyber networks and computers in India. It was officially passed in 2000 and amended in
2008. It has been designed to give a boost to electronic commerce, e-transactions and related activities
associated with commerce and trade. It also facilitates electronic governance by means of reliable electronic
records.

IT Act 2000 has 13 chapters, 94 sections and 4 schedules. The first 14 sections concern digital signatures,
other sections deal with the certifying authorities who are licenced to issue digital signature certificates,
sections 43 to 47 provide penalties and compensation, sections 48 to 64 deal with appeal to the high court,
sections 65 to 79 deal with offences, and the remaining sections 80 to 94 deal with miscellaneous provisions of
the Act.

3. Copyright Act

The Copyright Act 1957 amended by the Copyright Amendment Act 2012 governs the subject of copyright law
in India. This Act is applicable from 21 January 1958. Copyright is a legal term which describes the ownership
of control of the rights to the authors of "original works of authorship" that are fixed in a tangible form of
expression. An original work of authorship is a distribution of certain works of creative expression including
books, video, movies, music, and computer programs. The copyright law has been enacted to balance the use
and reuse of creative works against the desire of the creators of art, literature, and music to monetize their
work by controlling who can make and sell copies of the work.

The copyright act covers the following:

• Rights of copyright owners
• Works eligible for protection
• Duration of copyright
• Who can claim copyright

The copyright act does not cover the following:

• Ideas, procedures, methods, processes, concepts, systems, principles, or discoveries
• Works that are not fixed in a tangible form (such as a choreographic work that has not been notated or
recorded or an improvisational speech that has not been written down)
• Familiar symbols or designs
• Titles, names, short phrases, and slogans
• Mere variations of typographic ornamentation, lettering, or coloring

4. Patent Law

Patent law is a law that deals with new inventions. Traditional patent law protects tangible scientific inventions,
such as circuit boards, heating coils, car engines, or zippers. Over time, patent law has been used to
protect a broader variety of inventions such as business practices, coding algorithms, or genetically modified
organisms. A patent is the right to exclude others from making, using, selling, importing, inducing others to infringe,
and offering a product specially adapted for practice of the patent.

In general, a patent is a right that can be granted if an invention is:

 Not a natural object or process
 New
 Useful
 Not obvious.

5. IPR

Intellectual property rights are rights that allow creators, or owners of patents, trademarks or copyrighted works,
to benefit from their own plans, ideas, or other intangible assets or investment in a creation. These rights
are outlined in Article 27 of the Universal Declaration of Human Rights, which provides for the right to benefit
from the protection of moral and material interests resulting from authorship of scientific, literary or artistic
productions. These property rights allow the holder to exercise a monopoly on the use of the item for a
specified period.

Confidentiality is the protection of information in the system so that an unauthorized person cannot access it.
This type of protection is most important in military and government organizations that need to keep plans and
capabilities secret from enemies. However, it can also be useful to businesses that need to protect their
proprietary trade secrets from competitors or prevent unauthorized persons from accessing the company’s
sensitive information (e.g., legal, personal, or medical information). Privacy issues have gained an increasing
amount of attention in the past few years, placing the importance of confidentiality on protecting personal
information maintained in automated systems by both government agencies and private-sector organizations.
Confidentiality must be well-defined, and procedures for maintaining confidentiality must be carefully
implemented. A crucial aspect of confidentiality is user identification and authentication. Positive identification
of each system user is essential in order to ensure the effectiveness of policies that specify who is allowed
access to which data items.

Threats to Confidentiality: Confidentiality can be compromised in several ways. The following are some of
the commonly encountered threats to information confidentiality –

 Hackers
 Masqueraders
 Unauthorized user activity
 Unprotected downloaded files
 Local area networks (LANs)
 Trojan Horses

Confidentiality Models: Confidentiality models are used to describe what actions must be taken to ensure the
confidentiality of information. These models can specify how security tools are used to achieve the desired
level of confidentiality. The most commonly used model for describing the enforcement of confidentiality is
the Bell-LaPadula model.

 This model describes the relationship between objects (i.e., the files, records, programs and equipment that
contain or receive information) and subjects (i.e., the persons, processes, or devices that cause the
information to flow between the objects).
 The relationships are described in terms of the subject’s assigned level of access or privilege and the
object’s level of sensitivity. In military terms, these would be described as the security clearance of the
subject and the security classification of the object.

Another type of model that is commonly used is the access control model.

 It organizes the system into objects (i.e., resources being acted on), subjects (i.e., the person or program
doing the action), and operations (i.e., the process of interaction).
 A set of rules specifies which operation can be performed on an object by which subject.

Types of Confidentiality :

In Information Security, there are several types of confidentiality:

1. Data confidentiality: refers to the protection of data stored in computer systems and networks from
unauthorized access, use, disclosure, or modification. This is achieved through various methods, such
as encryption and access controls.
2. Network confidentiality: refers to the protection of information transmitted over computer networks
from unauthorized access, interception, or tampering. This is achieved through encryption and secure
protocols such as SSL/TLS.
3. End-to-end confidentiality: refers to the protection of information transmitted between two endpoints,
such as between a client and a server, from unauthorized access or tampering. This is achieved through
encryption and secure protocols.
4. Application confidentiality: refers to the protection of sensitive information processed and stored by
software applications from unauthorized access, use, or modification. This is achieved through user
authentication, access controls, and encryption of data stored in the application.
5. Disk and file confidentiality: refers to the protection of data stored on physical storage devices, such
as hard drives, from unauthorized access or theft. This is achieved through encryption, secure storage
facilities, and access controls.

Overall, the goal of confidentiality in Information Security is to protect sensitive and private information from
unauthorized access, use, or modification and to ensure that only authorized individuals have access to
confidential information.

Uses of Confidentiality :

In the field of information security, confidentiality is used to protect sensitive data and information from
unauthorized access and disclosure. Some common uses include:

1. Encryption: Encrypting sensitive data helps to protect it from unauthorized access and disclosure.
2. Access control: Confidentiality can be maintained by controlling who has access to sensitive
information and limiting access to only those who need it.
3. Data masking: Data masking is a technique used to obscure sensitive information, such as credit card
numbers or social security numbers, to prevent unauthorized access.
4. Virtual private networks (VPNs): VPNs allow users to securely connect to a network over the
internet and protect the confidentiality of their data in transit.
5. Secure file transfer protocols (SFTPs): SFTPs are used to transfer sensitive data securely over the
internet, protecting its confidentiality in transit.
6. Two-factor authentication: Two-factor authentication helps to ensure that only authorized users have
access to sensitive information by requiring a second form of authentication, such as a fingerprint or a
one-time code.
7. Data loss prevention (DLP): DLP is a security measure used to prevent sensitive data from being
leaked or lost. It monitors and controls the flow of sensitive data, protecting its confidentiality.

Issues of Confidentiality :

Confidentiality in information security can be challenging to maintain, and there are several issues that can
arise, including:

1. Insider threats: Employees and contractors who have access to sensitive information can pose a threat
to confidentiality if they intentionally or accidentally disclose it.
2. Cyberattacks: Hackers and cybercriminals can exploit vulnerabilities in systems and networks to
access and steal confidential information.
3. Social engineering: Social engineers use tactics like phishing and pretexting to trick individuals into
revealing sensitive information, compromising its confidentiality.
4. Human error: Confidential information can be accidentally disclosed through human error, such as
sending an email to the wrong recipient or leaving sensitive information in plain sight.
5. Technical failures: Technical failures, such as hardware failures or data breaches, can result in the loss
or exposure of confidential information.
6. Inadequate security measures: Inadequate security measures, such as weak passwords or outdated
encryption algorithms, can make it easier for unauthorized parties to access confidential information.
7. Legal and regulatory compliance: Confidentiality can be impacted by legal and regulatory
requirements, such as data protection laws, that may require the disclosure of sensitive information in
certain circumstances.

Hybrid Policies

Chinese Wall Model

Security policy that refers equally to confidentiality and integrity

Describes policies that involve conflict of interest in business

Def: The objects of the database are items of information related to a company

Def: A Company Dataset (CD) contains objects related to a single company

Def: A Conflict Of Interest (COI) class contains the datasets of companies in competition

CW-Simple Security Condition

S can read O iff either

1. There is an object O’ such that S has accessed O’ and CD(O’) = CD(O)

or

2. For all objects O’, O’ ∈ PR(S) ⇒ COI(O’) ≠ COI(O), where PR(S) is the set of objects previously
read by S.

Effects on subjects:

a. Once a subject reads any object in a COI class, the only other objects that the subject can
read in that class are the same objects, i.e. once one object is read, no other objects in
another class can be read.

b. The minimum number of subjects needed to access each object in a class is the number of objects in that
class.

Since most companies have information that is available to all subjects, the model distinguishes
between sanitized and unsanitized data by adding condition 3,

3. O is a sanitized object.

The complete CW-Simple Security Condition is

CW-Simple Security Condition

S can read O iff any of the following holds

1. There is an object O’ such that S has accessed O’ and CD(O’) = CD(O)

2. For all objects O’, O’ ∈ PR(S) ⇒ COI(O’) ≠ COI(O), where PR(S) is the set of objects previously
read by S.

3. O is a sanitized object.

Since two subjects could have access to the same object in one COI and different objects in another COI, we
have

CW-*-Property

A subject S may write to an object O iff both of the following conditions hold

1. The CW-Simple Security Condition permits S to read O

2. For all unsanitized objects O’, S can read O’ ⇒ CD(O’) = CD(O)

This prevents one subject from writing sensitive information in the shared common object from an unshared
object.
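
The read and write conditions above, written as a small reference monitor. This is an added example, not part of the original notes: the companies and objects are constructed, the history PR(S) records only unsanitized reads, and "S can read O’" in the CW-*-Property is evaluated over the objects S has already read (both are assumptions).

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Obj:
    name: str
    cd: str                  # company dataset, CD(O)
    coi: str                 # conflict-of-interest class, COI(O)
    sanitized: bool = False  # condition 3: sanitized data readable by all


@dataclass
class Subject:
    name: str
    pr: set = field(default_factory=set)  # PR(S): unsanitized objects already read


def can_read(s: Subject, o: Obj) -> bool:
    """CW-Simple Security Condition, conditions 1 to 3."""
    if o.sanitized:                              # condition 3
        return True
    if any(p.cd == o.cd for p in s.pr):          # condition 1: same company dataset
        return True
    return all(p.coi != o.coi for p in s.pr)     # condition 2: no prior read in this COI


def read(s: Subject, o: Obj) -> bool:
    """Perform the read if permitted and record it in PR(S)."""
    if not can_read(s, o):
        return False
    if not o.sanitized:      # assumption: sanitized reads create no conflict history
        s.pr.add(o)
    return True


def can_write(s: Subject, o: Obj) -> bool:
    """CW-*-Property: S may read O, and every unsanitized object S has read
    (assumed reading of "S can read O'") lies in the same dataset as O."""
    if not can_read(s, o):
        return False
    return all(p.cd == o.cd for p in s.pr)


# Constructed sample objects: two banks in one COI class, one oil company in another,
# and one sanitized object that every subject may read.
BANK_A_LEDGER = Obj("ledger", "BankA", "banks")
BANK_A_MEMO = Obj("memo", "BankA", "banks")
BANK_B_LEDGER = Obj("ledger", "BankB", "banks")
OIL_X_REPORT = Obj("report", "OilX", "oil")
PUBLIC_SUMMARY = Obj("market-summary", "Public", "public", sanitized=True)


def walkthrough():
    """One analyst's session; returns (action, allowed) pairs in order."""
    alice = Subject("alice")
    return [
        ("read BankA ledger", read(alice, BANK_A_LEDGER)),     # PR(S) empty
        ("read BankB ledger", read(alice, BANK_B_LEDGER)),     # competitor, same COI
        ("read BankA memo", read(alice, BANK_A_MEMO)),         # same CD as before
        ("write BankA memo", can_write(alice, BANK_A_MEMO)),   # only BankA in history
        ("write public summary", can_write(alice, PUBLIC_SUMMARY)),  # would leak BankA data
        ("read OilX report", read(alice, OIL_X_REPORT)),       # different COI class
        ("write BankA memo after OilX", can_write(alice, BANK_A_MEMO)),  # would leak OilX data
    ]


if __name__ == "__main__":
    for action, allowed in walkthrough():
        print(f"{action:32s} {'ALLOW' if allowed else 'DENY'}")
```

The last step is the case the CW-*-Property exists for: a second subject who may read BankA and a competitor of OilX could otherwise receive OilX data through the BankA memo.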

Clinical Information Systems Security Policy

Electronic medical records present their own requirements for policies that combine confidentiality and
integrity. Patient confidentiality, authentication of both records and those making entries in those records,
and assurance that the records have not been changed erroneously are most critical.

Def: A patient is the subject of medical records, or an agent for that person who can give consent for the
person to be treated.

Def: Personal health information (electronic medical record) is information about a patient’s health
or treatment enabling that patient to be identified.

Def: A clinician is a health-care professional who has access to personal health information while
performing his or her job.

Guided by the Clark-Wilson model, we have a set of principles that address electronic medical records.
Access to the electronic medical records must be restricted to the clinician and the
clinician’s practice group.

Access Principle 1: Each medical record has an access control list naming the individuals or groups
who may read and append information to the record. The system must restrict access to those identified
on the access control list.

Medical ethics require that only clinicians and the patient have access to the patient’s
electronic medical records.

Access Principle 2: One of the clinicians on the access control list (called the responsible clinician)
must have the right to add other clinicians to the access control list.

The patient must consent to any treatment. Hence, the patient has the right to
know when his or her electronic medical records are accessed or altered. Also,
the electronic medical records system must prevent the leakage of information.
Hence, the patient must be notified when their electronic medical records are
accessed by a clinician that the patient does not know.

Access Principle 3: The responsible clinician must notify the patient of the names on the access
control list whenever the patient’s medical record is opened. Except in situations given in statutes
or in cases of emergency, the responsible clinician must obtain the patient’s consent.

Who accesses the patient’s electronic medical records, when those records
were accessed, and what changes, if any, were made to the electronic medical records
must be recorded to adhere to numerous government medical information requirements.

Access Principle 4: The name of the clinician, the date, and the time of the access of a medical
record must be recorded. Similar information must be kept for deletions.

The following principles deal with record creation, and information deletion. New
electronic medical records should allow the attending clinician and the patient access to
those records. Additionally, the referring clinician, if any, should have access to those
records to see the results of any referral.

Creation Principle: A clinician may open a record, with the clinician and the patient on the access
control list. If the record is opened as a result of a referral, the referring clinician may also be
on the access control list.

Electronic medical records should be kept the required amount of time, normally 8
years except in some instances.

Deletion Principle: Clinical information cannot be deleted from a medical record until the
appropriate time has passed.

When copying electronic medical records, care must be taken to prevent the
unauthorized disclosure of a patient’s medical records.

Confinement Principle: Information from one medical record may be appended to a different medical
record if and only if the access control list of the second record is a subset of the access control
list of the first.

The combining of information from numerous authorized sources may lead to
new information that the clinician should not have access to. Also the access to
a wide set of medical records would make the individual clinician susceptible to
corruption or blackmail.

Aggregation Principle: Measures for preventing the aggregation of patient data must be effective.
In particular a patient must be notified if anyone is to be added to the access control list for the
patient’s record and if that person has access to a large number of medical records.

There must be system mechanisms implemented to enforce all of these principles.

Enforcement Principle: Any computer system that handles medical records must have a subsystem that
enforces the preceding principles. The effectiveness of this enforcement must be subject to
evaluation by independent auditors.
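
A minimal enforcement subsystem for the access, creation, confinement and aggregation principles above. This is an added example, not part of the original notes: the function names, the clinician and patient identifiers, and the threshold for "a large number of medical records" are assumptions, and the Deletion Principle is left out.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

AGGREGATION_LIMIT = 100  # assumed cut-off for "a large number of medical records"


@dataclass
class MedicalRecord:
    patient: str
    responsible: str                              # responsible clinician
    acl: set                                      # Access Principle 1
    entries: list = field(default_factory=list)
    audit: list = field(default_factory=list)     # Access Principle 4
    notices: list = field(default_factory=list)   # notifications owed to the patient


def _audit(rec, who, action):
    # Access Principle 4: name, date and time of every access attempt.
    rec.audit.append((datetime.now(timezone.utc), who, action))


def _require_acl(rec, who, action):
    # Access Principle 1: only identities on the ACL may read or append.
    if who not in rec.acl:
        _audit(rec, who, "DENIED " + action)
        raise PermissionError(f"{who} is not on the access control list")
    _audit(rec, who, action)


def open_record(clinician, patient, referrer=None):
    """Creation Principle: clinician, patient and any referring clinician go on the ACL."""
    acl = {clinician, patient} | ({referrer} if referrer else set())
    rec = MedicalRecord(patient, clinician, acl)
    # Access Principle 3: the patient is told who is on the list when the record is opened.
    rec.notices.append("record opened; ACL: " + ", ".join(sorted(acl)))
    _audit(rec, clinician, "open")
    return rec


def read(rec, who):
    _require_acl(rec, who, "read")
    return list(rec.entries)


def append(rec, who, text):
    _require_acl(rec, who, "append")
    rec.entries.append(text)


def add_clinician(rec, actor, newcomer, records_accessible=0):
    """Access Principle 2, with the patient notification of the Aggregation Principle."""
    if actor != rec.responsible:
        _audit(rec, actor, "DENIED acl-add " + newcomer)
        raise PermissionError("only the responsible clinician may extend the ACL")
    rec.acl.add(newcomer)
    note = f"{newcomer} added to ACL"
    if records_accessible >= AGGREGATION_LIMIT:
        note += f" (has access to {records_accessible} medical records)"
    rec.notices.append(note)
    _audit(rec, actor, "acl-add " + newcomer)


def copy_entries(src, dst, who):
    """Confinement Principle: append src into dst iff ACL(dst) is a subset of ACL(src)."""
    _require_acl(src, who, "copy-out")
    _require_acl(dst, who, "copy-in")
    if not dst.acl <= src.acl:
        _audit(dst, who, "DENIED copy-in (confinement)")
        raise PermissionError("destination ACL is not a subset of the source ACL")
    dst.entries.extend(src.entries)


def denied(fn, *args):
    """Helper for callers and tests: True if the operation was refused."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False
```

The subset test in `copy_entries` is what stops information from flowing into a record that more people can read than the record it came from.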

Information Security | Integrity

Integrity is the protection of system data from intentional or accidental unauthorized
changes. The challenge of the security program is to ensure that data is maintained in
the state that is expected by the users. Although the security program cannot improve
the accuracy of the data that is put into the system by users, it can help ensure that any
changes are intended and correctly applied. An additional element of integrity is the
need to protect the process or program used to manipulate the data from unauthorized
modification. A critical requirement of both commercial and government data
processing is to ensure the integrity of data to prevent fraud and errors. It is imperative,
therefore, that no user be able to modify data in a way that might corrupt or lose assets or
financial records or render decision-making information unreliable. Examples of
government systems in which integrity is crucial include air traffic control systems,
military fire control systems, and social security and welfare systems. Examples of
commercial systems that require a high level of integrity include medical prescription
systems, credit reporting systems, production control systems and payroll systems.

Protecting against Threats to Integrity: Like confidentiality, integrity can also be
compromised by hackers, masqueraders, unprotected downloaded files, LANs, unauthorized
user activities, and unauthorized programs like Trojan Horses and viruses, because each
of these threats can lead to unauthorized changes to data or programs. For example,
unauthorized users can corrupt or change data and programs intentionally or accidentally
if their activities on the system are not properly controlled. Generally, three basic
principles are used to establish integrity controls:

1. Need-to-know access: Users should be granted access only to those files and
programs that they need in order to perform their assigned job functions.
2. Separation of duties: To ensure that no single employee has control of a
transaction from beginning to end, two or more people should be responsible for
performing it.
3. Rotation of duties: Job assignments should be changed periodically so that it
becomes more difficult for the users to collaborate to exercise complete control
of a transaction and subvert it for fraudulent purposes.

Integrity Models – Integrity models are used to describe what needs to be done to
enforce the information integrity policy. There are three goals of integrity, which the
models address in various ways:

1. Preventing unauthorized users from making modifications to data or programs.
2. Preventing authorized users from making improper or unauthorized
modifications.
3. Maintaining internal and external consistency of data and programs.

UNIT III DIGITAL SIGNATURE AND AUTHENTICATION

What is a digital signature?

A digital signature is a mathematical technique used to validate the authenticity and
integrity of a digital document, message or software. It's the digital equivalent of a
handwritten signature or stamped seal, but it offers far more inherent security. A
digital signature is intended to solve the problem of tampering and impersonation in
digital communications.

Digital signatures can provide evidence of origin, identity and status of electronic
documents, transactions and digital messages. Signers can also use them to
acknowledge informed consent. In many countries, including the U.S., digital
signatures are considered legally binding in the same way as traditional handwritten
document signatures.

How do digital signatures work?

Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm, such as Rivest-Shamir-Adleman, or
RSA, two keys are generated, creating a mathematically linked pair of keys: one
private and one public.

Digital signatures work through public key cryptography's two mutually
authenticating cryptographic keys. For encryption and decryption, the person who
creates the digital signature uses a private key to encrypt signature-related data. The
only way to decrypt that data is with the signer's public key.

If the recipient can't open the document with the signer's public key, that indicates
there's a problem with the document or the signature. This is how digital signatures
are authenticated.

Digital signing certificates, also called public key certificates, are used to verify that
the public key belongs to the issuer. Signing certificates are sent with the public key;
they contain information about the certificate's owner, expiration dates and the
digital signature of the certificate's issuer. Trusted third-party certificate authorities
(CAs), such as DocuSign or GlobalSign, issue signing certificates.

Digital signature technology requires all parties to trust that the person who creates
the signature image has kept the private key secret. If someone else has access to the
private signing key, that party could create fraudulent digital signatures in the name
of the private key holder.

Signing certificate and certificate authority

Digital signatures get their official status through signing certificates. Signing
certificates serve as authentication for transmitted documents, their contents and the
author of these documents. An official third-party certificate authority is responsible
for administering these certificates. CAs verify that organizations are in compliance
with cybersecurity standards, such as International Organization for Standardization
(ISO) standards. Only after an organization has been approved is a certificate
provided.

The approval process starts with the CA assessing the needs of the author and
ensuring their methods comply with regulations. The CA then issues a signing
certificate and the cryptographic key pair needed to secure the documents' contents.
A mathematical algorithm generates this key pair to ensure the contents can't be
accessed without both keys. Ultimately, the digital signature includes the following:

 The author's electronic signature of the document.
 A piece of data called a cryptographic hash that is unique to the author's documents
and is used to verify the authenticity of the document.
 The signing certificate from the CA, which contains the public key and the written
proof that the CA has approved the process.
 The private key, which the author must keep confidential and which is used to
encrypt the documents.

Signing certificates assure recipients of the authenticity of both the author and
documents and that the documents are free from prior tampering or forgery. The
author sending the documents and the recipient receiving them must agree to use a
given CA.

What are the benefits of digital signatures?

Digital signatures offer the following advantages:

 Security. Security capabilities are embedded in digital signatures to ensure a legal
document isn't altered and signatures are legitimate. Security features include
asymmetric cryptography, personal identification numbers (PINs), checksums and
cyclic redundancy checks (CRCs), as well as CA and trust service provider (TSP)
validation.
 Timestamping. This provides the date and time of a digital signature and is useful
when timing is critical, such as for stock trades, lottery ticket issuance and legal
proceedings.
 Globally accepted and legally compliant. The public key infrastructure (PKI)
standard ensures vendor-generated keys are made and stored securely. With digital
signatures becoming an international standard, more countries are accepting them as
legally binding.
 Time savings. Digital signatures simplify the time-consuming processes of physical
document signing, storage and exchange, letting businesses quickly access and sign
documents.
 Cost savings. Organizations can go paperless and save money previously spent on
the physical resources, time, personnel and office space used to manage and
transport documents.
 Positive environmental effects. Reducing paper use cuts down on the physical
waste paper generates and the negative environmental impact of transporting paper
documents.
 Traceability. Digital signatures create an audit trail that makes internal record-
keeping easier for businesses. With everything recorded and stored digitally, there
are fewer opportunities for a manual signee or record-keeper to make a mistake or
misplace something.

What are the challenges of digital signatures?

Challenges sometimes crop up when organizations use digital signatures. These
include the following:

 Insecure channels. Despite the security layer digital signatures provide, the
channels used to transmit documents can still have inadequate security measures.
Without proper encryption and authentication, they could lead to compromised
documents and data loss.
 Key management. Compromised or lost keys are useless; therefore, organizations
must be prepared to craft policies and procedures for employees to properly manage
their keys, which can be complicated.
 Compliance. Different standards are used in different jurisdictions regarding digital
signatures, so an organization must consult with legal experts or have a
knowledgeable person to handle these matters.

How do you create a digital signature?

To create a digital signature, signing software, such as an email program, is used to
provide a one-way hash of the electronic data to be signed.

A hash is a fixed-length string of letters and numbers generated by an algorithm.
The digital signature creator's private key is used to encrypt the hash. The encrypted
hash -- along with other information, such as the hashing algorithm -- is the digital
signature.

The reason for encrypting the hash instead of the entire message or document is
because a hash function can convert an arbitrary input into a fixed-length value,
which is usually much shorter. This saves time, as hashing is much faster than
signing.

The value of a hash is unique to the hashed data. Any change in the data -- even a
modification of a single character -- results in a different value. This attribute lets
others use the signer's public key to decrypt the hash to validate the integrity of the
data.

If the decrypted hash matches a second computed hash of the same data, it proves
that the data hasn't changed since it was signed. But, if the two hashes don't match,
the data has either been tampered with in some way and is compromised or the
signature was created with a private key that doesn't correspond to the public key
presented by the signer. This signals an issue with authentication.

A person creates a digital signature using a private key to encrypt a signature. At the
same time, hash data is created and encrypted. The recipient uses a signer's public
key to decrypt the signature.
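
The hash-then-sign procedure described above, shown end to end, including the two failure cases (altered data, and a public key that does not match the signing key). This is an added example, not part of the original notes: it uses textbook RSA without padding and demo keys built from well-known Mersenne primes only to show the mechanics, which is an assumption of the example and unsuitable for real use, where a vetted library with a padded scheme such as RSASSA-PSS applies; the messages are constructed.

```python
import hashlib
from typing import NamedTuple


class PublicKey(NamedTuple):
    n: int  # modulus
    e: int  # public exponent


class PrivateKey(NamedTuple):
    n: int  # modulus
    d: int  # private exponent


def make_keypair(p: int, q: int, e: int = 65537):
    """Derive a mathematically linked key pair from two primes (toy key generation)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # e * d = 1 (mod phi); requires Python 3.8+
    return PublicKey(n, e), PrivateKey(n, d)


def hash_to_int(data: bytes, n: int) -> int:
    """One-way hash of the data: fixed length no matter how long the input is."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, key: PrivateKey) -> int:
    """Apply the private key to the hash, not to the whole message."""
    return pow(hash_to_int(data, key.n), key.d, key.n)


def verify(data: bytes, signature: int, key: PublicKey) -> bool:
    """Recover the signed hash with the public key and compare it with a
    second hash computed over the data that was actually received."""
    recovered = pow(signature, key.e, key.n)
    return recovered == hash_to_int(data, key.n)


# Constructed demo keys (publicly known primes, so these keys protect nothing).
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**1279 - 1, 2**2203 - 1)

MESSAGE = b"Pay vendor 4471 the sum of 1,000.00"    # constructed sample
TAMPERED = b"Pay vendor 4471 the sum of 9,000.00"   # one character changed


def demo():
    signature = sign(MESSAGE, SIGNER_PRIV)
    return {
        # Hashes match: data unchanged and signed by the holder of the private key.
        "intact": verify(MESSAGE, signature, SIGNER_PUB),
        # A single changed character gives a different hash, so verification fails.
        "tampered": verify(TAMPERED, signature, SIGNER_PUB),
        # The presented public key does not correspond to the signing private key.
        "wrong_public_key": verify(MESSAGE, signature, OTHER_PUB),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18s} {'valid' if ok else 'INVALID'}")
```

A failed check does not say which of the two causes applies; the verifier only learns that the data and the signature do not belong together under the presented public key.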

A digital signature can be used with any kind of message, whether or not it's
encrypted, simply so the receiver can be sure of the sender's digital identity and that
the message arrived intact. Digital signatures make it difficult for the signer to deny
having signed something, as the digital signature is unique to both the document and
the signer, and it binds them together. This property is called nonrepudiation.

The signing certificate is the electronic document that contains the digital signature
of the issuing CA. It's what binds together a public key with an identity and can be
used to verify that a public key belongs to a particular person or entity. Most
modern email programs support the use of digital signatures and signing certificates,
making it easy to sign any outgoing emails and validate digitally signed incoming
messages.

Digital signatures are also used to provide proof of authenticity, data integrity and
nonrepudiation of communications and transactions conducted over the internet.

Classes and types of digital signatures

There are three different classes of digital signature certificates (DSCs) as follows:

1. Class 1. This type of DSC can't be used for legal business documents because
they're validated based only on an email ID and username. Class 1 signatures
provide a basic level of security and are used in environments with a low risk of
data compromise.
2. Class 2. These DSCs are often used for electronic filing (e-filing) of tax documents,
including income tax returns and goods and services tax returns. Class 2 digital
signatures authenticate a signer's identity against a preverified database. Class 2
digital signatures are used in environments where the risks and consequences of data
compromise are moderate.
3. Class 3. The highest level of digital signatures, Class 3 signatures, require people or
organizations to present in front of a CA to prove their identity before signing. Class
3 digital signatures are used for e-auctions, e-tendering, e-ticketing and court filings,
as well as in other environments where threats to data or the consequences of a
security failure are high.

Use cases for digital signatures

Digital signature tools and services are commonly used in contract-heavy industries,
including the following:

 Government. The U.S. Government Publishing Office publishes electronic versions
of budgets, public and private laws, and congressional bills with digital signatures.
Governments worldwide use digital signatures for processing tax returns, verifying
business-to-government transactions, ratifying laws and managing contracts. Most
government entities must adhere to strict laws, regulations and standards when using
digital signatures. Many governments and businesses also use smart cards to
identify their citizens and employees. These are physical cards with an embedded
chip that contains a digital signature that provides the cardholder access to an
institution's systems or physical buildings.
 Healthcare. Digital signatures are used in the healthcare industry to improve the
efficiency of treatment and administrative processes, strengthen data security, e-
prescribe and process hospital admissions. The use of digital signatures in
healthcare must comply with the Health Insurance Portability and Accountability
Act of 1996.
 Manufacturing. Manufacturing companies use digital signatures to speed up
processes, including product design, quality assurance, manufacturing
enhancements, marketing and sales. The use of digital signatures in manufacturing
is governed by ISO and the National Institute of Standards and Technology Digital
Manufacturing Certificate.
 Financial services. The U.S. financial sector uses digital signatures for contracts,
paperless banking, loan processing, insurance documentation and mortgages. This
heavily regulated sector uses digital signatures, paying careful attention to the
regulations and guidance put forth by the Electronic Signatures in Global and
National Commerce Act (E-Sign Act), state Uniform Electronic Transactions Act
regulations, the Consumer Financial Protection Bureau and the Federal Financial
Institutions Examination Council.
 Cryptocurrencies. Bitcoin and other cryptocurrencies use digital signatures to
authenticate the blockchain they use. They're also used to manage transaction data
associated with a cryptocurrency and as a way for users to show ownership of
currency and their participation in a transaction.
 Non-fungible tokens (NFTs). Digital signatures are used with digital assets, such as
artwork, music and videos, to secure and trace these types of NFTs anywhere on the
blockchain.

Why use PKI or PGP with digital signatures?

Digital signatures use the PKI standard and the Pretty Good Privacy (PGP)
encryption program. Both reduce potential security issues that come with
transmitting public keys. They validate that the sender's public key belongs to that
individual and verify the sender's identity.

PKI is a framework for services that generate, distribute, control and account for
public key certificates. PGP is a variation of the PKI standard that uses symmetric
key and public key cryptography, but it differs in how it binds public keys to user
identities. PKI uses CAs to validate and bind a user identity with a signing
certificate, whereas PGP uses a web of trust. Users of PGP choose whom they trust
and which identities get vetted. PKI users defer to trusted CAs.

The effectiveness of a digital signature's security is dependent on the strength of the
private key security. Without PKI or PGP, it's impossible to prove someone's
identity or revoke a compromised key, and it's easier for malicious actors to
impersonate people.

What's the difference between a digital signature and electronic signature?

Though the two terms sound similar, digital signatures are different from electronic
signatures. Digital signature is a technical term, defining the result of a
cryptographic process or mathematical algorithm that can be used to authenticate a
sequence of data. It's a type of electronic signature. The term electronic signature
(e-signature) is a legal term that's defined legislatively.

For example, in the U.S., the E-Sign Act, passed in 2000, provides a definition of an
e-signature. It stated that an e-signature is "an electronic sound, symbol or process
attached to or logically associated with a contract or other record and executed or
adopted by a person with the intent to sign the record."

E-signatures are also defined in the Electronic Signatures Directive, which the
European Union (EU) passed in 1999 and repealed in 2016. It regarded them as
equivalent to physical signatures. This act was replaced with electronic
identification, authentication and trust services, or eIDAS, which regulates e-
signatures and transactions in the EU, as well as the embedding processes that
ensure the safe conduct of online business.

This means that a digital signature, which can be expressed digitally in electronic
form and associated with the representation of a record, can be a type of e-signature.
More generally, though, an e-signature can be as simple as a signature online, like
the signer's name being entered in a web browser on a form.

To be considered valid, e-signature schemes must include the following three
capabilities:

1. A way to verify the identity of the entity signing it.
2. A way to verify the signing entity intended to affirm the document being signed.
3. A way to verify that the e-signature is associated with the signed document.

A digital signature fulfills these requirements to serve as a valid e-signature under
the following conditions:

 The public key of the digital signature is linked to the signing entity's electronic
identification.
 The digital signature can only be affixed by the holder of the public key's associated
private key, which implies the entity intends to use it for the signature.
 The digital signature only authenticates if the signed data -- for example, a
document or representation of a document -- is unchanged. If a document is altered
after being signed, the digital signature fails to authenticate.

Authenticated digital signatures provide cryptographic proof that a stated entity
signed a document and that the document hasn't been altered. However, not all
e-signatures provide the same guarantees.

Digital signature security

Security is the main benefit of using digital signatures. Security features and
methods used in digital signatures include the following:

 PINs, passwords and codes. These are used to authenticate and verify a signer's
identity and approve their signature. Email, username and password are the most
common methods used.
 Asymmetric cryptography. This uses a public key algorithm that includes private
and public key encryption and authentication.
 Checksum. This long string of letters and numbers is used to determine the
authenticity of transmitted data. A checksum is the result of running a cryptographic
hash function on a piece of data. The value of the original checksum file is
compared against the checksum value of the calculated file to detect errors or
changes. A checksum acts like a data fingerprint.
 CRC. A type of checksum, this error-detecting code and verification feature is used
in digital networks and storage devices to detect changes to raw data.
 CA validation. CAs issue digital signatures and act as trusted third parties by
accepting, authenticating, issuing and maintaining signing certificates. The use of
CAs helps avoid the creation of fake signing certificates.
 TSP validation. This person or legal entity validates a digital signature on a
company's behalf and offers signature validation reports.

Digital signature attacks

Possible attacks on digital signatures include the following:

 Chosen-message attack. The attacker either obtains the victim's public key or tricks
the victim into digitally signing a document they don't intend to sign.
 Known-message attack. The attacker obtains messages the victim sent and a key
that enables the attacker to forge the victim's signature on documents.
 Key-only attack. The attacker has access to the victim's public key and re-creates
the victim's signature to digitally sign documents or messages that the victim doesn't
intend to sign.

Digital signature tools and vendors

There are numerous digital and electronic signature tools and technologies on the
market. Gartner has compiled a list of electronic signature tools that is worth a look:

 Adobe Acrobat Sign. This is a cloud-based service designed to provide secure
e-signatures across all types of devices. Adobe Acrobat Sign integrates with existing
applications, including Microsoft Office and Dropbox.
 Docusign. Its standards-based services ensure e-signatures are compliant with
existing regulations. Services include Express Signature for basic global
transactions and EU Qualified Signature, which complies with EU standards.
 Dropbox Sign. This tool helps users prepare, send, sign and track documents.
Features include embedded signing and templates, as well as custom branding.
Dropbox Sign integrates with applications such as Microsoft Word, Slack and Box.
 EmSigner. This product creates workflows for orchestrating and automating the
signing of digital documents.
 GetAccept. This sales collaboration platform facilitates the e-signature process for
business documents with traceability capabilities.
 OneSpan Sign. This tool provides signature authentication and validation
capabilities for commercial and banking applications.
 PandaDoc. This e-signature software lets users upload, send and collect document
payments. Users can also track document status and receive notifications when
someone opens, views, comments on or signs a document.
 SignNow. As part of AirSlate Business Cloud, SignNow provides a PDF signing
tool.
 Zoho Sign. With this tool, users can sign documents while using either Zoho or
third-party apps; it offers application programming interfaces to integrate and
automate the document signing process.

Digital Signature Standard (DSS)

As we have studied, a signature is a way of authenticating data coming from a
trusted individual. Similarly, a digital signature is a way of authenticating digital
data coming from a trusted source. Digital Signature Standard (DSS) is a Federal
Information Processing Standard (FIPS) which defines algorithms that are used to
generate digital signatures with the help of Secure Hash Algorithm (SHA) for the
authentication of electronic documents. DSS only provides us with the digital
signature function and not with any encryption or key exchange strategies.

Sender Side: In the DSS approach, a hash code is generated from the message and
the following inputs are given to the signature function –

1. The hash code.

2. The random number ‘k’ generated for that particular signature.

3. The private key of the sender, i.e., PR(a).

4. A global public key (a set of parameters shared by the communicating principals),
i.e., PU(g).

These inputs to the function produce the output signature, which contains two
components – ‘s’ and ‘r’. The original message concatenated with the
signature is then sent to the receiver.

Receiver Side: At the receiver end, verification of
the sender is done. The hash code of the sent message is generated. There is a
verification function which takes the following inputs –

1. The hash code generated by the receiver.

2. Signature components ‘s’ and ‘r’.

3. Public key of the sender.

4. Global public key.

The output of the verification function is compared with the signature component
‘r’. Both values will match if the sent signature is valid, because only the sender
with the help of its private key can generate a valid signature.

Advantages of digital signatures:

1. A digital signature gives better security in the transaction. An unauthorized
individual cannot commit fraud in transactions.
2. You can easily track the status of the documents on which the
digital signature is applied.
3. It speeds up document delivery.
4. It is 100 percent legal; it is issued by a government-authorized certifying
authority.
5. If you have signed a document digitally, you cannot deny it.
6. When a document is signed, the date and time are automatically stamped
on it.
7. It is not possible to copy or change a document that is signed digitally.
8. Identification of the person that signs.
9. Elimination of the possibility of committing fraud by an imposter.

Disadvantages of digital signatures:

1. You need to troubleshoot all the compatibility problems. There are a great many
compatibility settings, such as updated versions of drivers and software.
2. Software is one of the main issues when using a digital
signature certificate.
3. If you belong to the corporate world and
run an export-import organization, you need to produce a digital
signature for e-ticketing.
4. Keys can be lost or stolen, and vulnerable storage facilities may be used.
5. There is a stronger need for a standard through which these various methods
can interoperate.
6. In this era of rapid technological advancement, many of these tech products
have a short shelf life.
7. To use digital signatures effectively, both senders and
recipients might need to buy digital certificates.
8. To work with digital certificates, the sender and recipients need to
buy verification software at a cost.
9. A digital signature involves cost, which is a primary concern for any business.

What is Authentication?

Authentication is the process of verifying a user or device before allowing
access to a system or resources.

In other words, authentication means confirming that a user is who they say they
are. This ensures only those with authorized credentials gain access to secure
systems. When a user attempts to access information on a network, they must
provide secret credentials to prove their identity. Authentication allows you to grant
access to the right user at the right time with confidence. But this doesn’t occur in
isolation.

Authentication is part of a three-step process for gaining access to digital resources:

1. Identification—Who are you?
2. Authentication—Prove it.
3. Authorization—Do you have permission?

Identification requires a user ID like a username. But without identity
authentication, there’s no way to know if that username actually belongs to them.
That’s where authentication comes in—pairing the username with a password or
other verifying credentials.

The most common method of authentication is a unique login and password, but as
cybersecurity threats have increased in recent years, most organizations use and
recommend additional authentication factors for layered security.

History of Authentication

Digital authentication goes back to the 1960s when modern computers became
available at large research institutes and universities. Back then, computers were
massive—often taking up entire rooms—and a scarce resource. Most universities
that had a computer only had one. That meant students and researchers had to share
it. But this also meant that users could access other users’ files without limitation.

When Fernando Corbato, a student at MIT, noticed this weakness, he created a basic
password program that prompted the user to enter their password and saved it within
a plaintext file in the filesystem. From there, digital authentication was born.

A timeline of digital authentication

1960s: Passwords and encryption


In 1961, Corbato created a password program to use on the MIT computer system.
By the late 1960s, programmers worked to develop a stronger password solution—
one that wasn’t stored in plaintext files. Robert Morris, a cryptographer at Bell Labs,
developed a password encryption scheme while working on Unix. It used a key
derivation function that calculates a secret value and makes it easy to compute in
one direction, but not in the opposite.

1970s: Asymmetric cryptography


Asymmetric cryptography, also known as public-key cryptography, uses a
mathematically related pair of keys—one public and one private—to encrypt and
decrypt information. Asymmetric cryptography was developed in the 1970s by UK
government employees, James Ellis, Clifford Cocks, and Malcolm J. Williamson.
However, this knowledge was not made public until 1997.

1980s: Dynamic passwords


Traditional passwords quickly became insufficient as technology advanced.
Passwords were easily guessable, and many people reused their passwords, making
them vulnerable. So computer scientists developed dynamic passwords. Dynamic
passwords change based on variables like location, time, or a physical password
update. Eventually, two dynamic password protocols were introduced:

TOTP—Time-based One-Time Password (OTP), where the password is generated
based on the time requested.

HOTP—HMAC (Hash-based Message Authentication Code) OTP is an event-based
OTP, where the password is generated by a hash code that uses an incremental
counter.

Dynamic passwords are often used in combination with regular passwords as one
form of two-factor authentication.

1990s: Public key infrastructure


Once asymmetric cryptography was made public, computer scientists built on that
work and standardized it through the development of public key infrastructure
(PKI). PKI defined how to create, store, and send digital certificates—adding more
robust protection for online users and communication.

2000s: Multi-factor authentication and single sign-on


By the early 2000s, programmers built stronger authentication technologies with
layered protections.

Multi-factor authentication required users to provide two forms of verification
before gaining access. And single sign-on (SSO) streamlined the verification
process so that users only have to provide credentials at one access point—verified
by a trusted third party.

2010s: Biometrics

Before the 2010s, biometric authentication was reserved for high-security
government access and spy movies. But with the advancement of recent technology,
biometrics is now a common form of authentication—including fingerprint TouchID
and FaceID on smart devices.

Importance of Authentication

Cyberattacks are a critical threat to organizations today. As more people work
remotely and cloud computing becomes the norm across industries, the threat
landscape has expanded exponentially in recent years. As a result, 94% of
enterprise organizations have experienced a data breach—and 79% were
breached in the last two years, according to a recent study by the Identity Defined
Security Alliance (IDSA).

Additionally, research by Cybersecurity Insiders found that 90% of survey
respondents experienced phishing attacks in 2020, and another 29% experienced
credential stuffing and brute force attacks—resulting in significant helpdesk costs
from password resets.

With global cybercrime costs expected to grow by 15% per year over the next five
years, reaching $10.5 trillion USD annually by 2025, it’s more important than ever
for organizations to protect themselves.

As a result, authentication has become an increasingly important mitigation strategy
to reduce risk and protect sensitive data. Authentication helps organizations and
users protect their data and systems from bad actors seeking to gain access and steal
(or exploit) private information. These systems can include computer systems,
networks, devices, websites, databases, and other applications and services.
Organizations that invest in authentication as part of an identity and access
management (IAM) infrastructure strategy enjoy multiple benefits, including:

 Limiting data breaches
 Reducing and managing organizational costs
 Achieving regulatory compliance
The Rise of Multi-Factor Authentication

One of the most important ways to protect data is through multi-factor
authentication (MFA). The 2021 DBIR report found that credentials are the most
frequently compromised data in a breach—especially in a phishing attack, which
typically goes after the victim’s credentials to gain further access to the target
organization.

But multi-factor authentication adds another layer of verification that can help
thwart these kinds of attacks. In other words, even if hackers steal your credentials,
that won’t be enough to get into the system.

Microsoft and Google have both recently touted the benefits of including multi-
factor authentication in their own security hygiene best practices:

"Our research shows that simply adding a recovery phone number to your Google
Account can block up to 100% of automated bots, 99% of bulk phishing
attacks, and 66% of targeted attacks that occurred during our investigation,"
Google shared.

And Microsoft found that enabling MFA blocks 99.9% of unauthorized login
attempts—even if hackers have a copy of a user's current password. This is
especially important as passwords alone are no longer enough to protect accounts,
explains Alex Weinert, Group Program Manager for Identity Security and
Protection at Microsoft.

Advances like multi-factor authentication are essential to a layered mitigation
strategy that reduces the risk of unauthorized access and brute force attacks so
organizations and users can confidently secure their accounts and other important
data.

Authentication Use Cases

Today, authentication is common practice not only among IT professionals and
scientists, but for non-technical users as well. Whether that’s logging in to Facebook
with a username and password or opening a phone with TouchID or a unique PIN,
most people have used authentication to access their private information and devices
at home and at work.

Of course, as technology has advanced and hackers have become more adept and
widespread, new methods of authentication are gaining traction to better secure
personal, business, and government resources from unauthorized access. We’ll talk
more about these methods below.

How Does Authentication Work?

Basic authentication involves proving a user is who they say they are through
authentication methods such as a username and password, biometric information
such as facial recognition or fingerprint scans, and phone or text confirmations
(which are most often used as part of two-factor authentication methods).

But how does authentication work on the backend?

For identity authentication with a login and password (the most common form of
authentication), the process is fairly straightforward:

1. The user creates a username and password to log in to the account they want to
access. Those logins are then saved on the server.
2. When that user goes to log in, they enter their unique username and password and
the server checks those credentials against the ones saved in its database. If they
match, the user is granted access.

Keep in mind that many applications use cookies to authenticate users after the
initial login so they don’t have to keep signing in to their account every time. Each
period during which a user can log in without having to re-authenticate is called a
session. In order to keep a session open, an app will do two things when the user
logs in the first time:

1. Create a token (a string of unique characters) that is tied to the account.
2. Assign a cookie to the browser with the token attached.

When the user goes to load a secure page, the app will check the token in the
browser cookie and compare it to the one in its database. If they match, the user
maintains access without having to re-enter their credentials.

Eventually, the app destroys the token on the server, causing the user’s session to
time out. The advantage of this type of authentication is that it creates a streamlined
user experience and saves time for the user. However, it also means that the device
or browser the user is logged in on is vulnerable if it falls into the wrong hands.
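The login and session steps above, as an added example that is not part of the original notes. The in-memory dictionaries stand in for the server's database, and the class name, cookie name, 15-minute lifetime and PBKDF2 work factor are assumptions; it goes one step beyond the text by storing a salted password hash and a digest of the session token instead of the raw values.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_LIFETIME = 15 * 60      # seconds; assumed value
PBKDF2_ITERATIONS = 600_000     # assumed work factor


class AuthServer:
    def __init__(self):
        self.users = {}      # username -> (salt, password hash)
        self.sessions = {}   # sha256(token) -> (username, expires_at)

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    @staticmethod
    def _digest(token):
        # Only a digest of the token is stored, so a leaked session table
        # does not hand out usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash_password(password, salt))

    def login(self, username, password, now=None):
        """Check the credentials; on success return a Set-Cookie header value."""
        now = time.time() if now is None else now
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        # The hash is computed even for unknown users so both cases cost the same.
        candidate = self._hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return None
        token = secrets.token_urlsafe(32)           # step 1: token tied to the account
        self.sessions[self._digest(token)] = (username, now + SESSION_LIFETIME)
        cookie = SimpleCookie()                      # step 2: cookie carrying the token
        cookie["session"] = token
        morsel = cookie["session"]
        morsel["httponly"] = True                    # not readable from page scripts
        morsel["secure"] = True                      # sent over HTTPS only
        morsel["samesite"] = "Strict"
        morsel["path"] = "/"
        morsel["max-age"] = SESSION_LIFETIME
        return morsel.OutputString()

    def authenticate_request(self, cookie_header, now=None):
        """Return the username for a valid, unexpired session cookie, else None."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        try:
            jar.load(cookie_header)
        except CookieError:
            return None
        if "session" not in jar:
            return None
        key = self._digest(jar["session"].value)
        entry = self.sessions.get(key)               # compare against the stored token
        if entry is None:
            return None
        username, expires_at = entry
        if now >= expires_at:
            del self.sessions[key]                   # destroy the token: session times out
            return None
        return username

    def logout(self, cookie_header):
        jar = SimpleCookie()
        jar.load(cookie_header)
        if "session" in jar:
            self.sessions.pop(self._digest(jar["session"].value), None)
```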

Authentication Factors

An authentication factor is a category of credentials used to authenticate or verify a
user’s identity. Authentication factors can include passwords, security tokens (like
keys or smart cards), and biometric verification such as fingerprint scans.

There are three main authentication factors:

 Something you know (aka knowledge factors): This is the most common
authentication factor. It verifies identity by confirming users through confidential
information they have, such as a login and password.
 Something you have (aka possession factors): Users verify their identity with a
unique object such as an access card or key fob. This authentication removes the
risk of forgetting passwords; however, it means the user must have the object with
them whenever they need to access a system, and they run the risk of losing it by
accident or theft.
 Something you are (aka inherence factors): An inherence factor verifies identity
through inherent biometric characteristics of the user—like a fingerprint, voice, or
iris pattern. The advantage of biometric credentials is that they’re harder to lose
or replicate. But they can be expensive and less accurate than traditional
authentication factors.

Are there more authentication factors?

Some point to measures like location (somewhere you are) and time (what time is it)
as additional authentication factors. But, these are better categorized as security
controls or supplemental authentication.

As the National Institute of Standards and Technology (NIST), a federal agency that
publishes official cybersecurity guidelines, explains:

“Other types of information, such as location data or device identity, may be used
by a relying party (RP) or verifier to evaluate the risk in a claimed identity, but they
are not considered authentication factors.”

This is because you can’t verify someone’s identity based solely on where they are
or when they are accessing a system. For example, two people can be in the same
place, but they are clearly not the same person. Their location alone cannot be an
identifying factor. Similarly, time alone cannot be used to identify someone.

But these can be applied as additional layers of secure access control to supplement
the primary authentication factors. For instance, you can schedule access during set
hours of the day or week. Users who try to access the system outside those time
windows will be denied. Additionally, you can use location, such as a GPS location
or an IP address, to help spot anomalous activities.

Types of Authentication
Single-Factor Authentication

Single-factor authentication (SFA) or one-factor authentication involves matching
one credential to gain access to a system (i.e., a username and a password).
Although this is the most common and well-known form of authentication, it is
considered low-security and the Cybersecurity and Infrastructure Security Agency
(CISA) recently added it to its list of Bad Practices.

The main weakness is that single-factor authentication provides just one barrier.
Hackers only need to steal the credentials to gain access to the system. And
practices such as password reuse, admin password sharing, and relying on default or
otherwise weak passwords make it that much easier for hackers to guess or obtain
them.

Two-Factor Authentication

Two-factor authentication (2FA) adds a second layer of protection to your access
points. Instead of just one authentication factor, 2FA requires two factors of
authentication out of the three categories:

 Something you know (i.e., username and password)
 Something you have (e.g., a security token or smart card)
 Something you are (e.g., TouchID or other biometric credentials)

Keep in mind that although a username and password are two pieces of information,
they are both knowledge factors, so they are considered one factor. In order to
qualify as two-factor authentication, the other authentication method must come
from one of the other two categories.

2FA is more secure because even if a user’s password is stolen, the hacker will have
to provide a second form of authentication to gain access—which is much less likely
to happen.

Three-Factor Authentication

Three-factor authentication (3FA) requires identity-confirming credentials from
three separate authentication factors (i.e., one from something you know, one from
something you have, and one from something you are). Like 2FA, three-factor
authentication is a more secure authentication process and adds a third layer of
access protection to your accounts.

Multi-Factor Authentication

Multi-factor authentication (MFA) refers to any process that requires two or more
factors of authentication. Two-factor and three-factor authentication are both
considered multi-factor authentication.

Single Sign-On Authentication

Single sign-on (SSO) authentication allows users to log in and access multiple
accounts and applications using just one set of credentials. We see this most
commonly in practice with companies like Facebook or Google, which allow users
to create and sign in to other applications using their Google or Facebook
credentials. Basically, applications outsource the authentication process to a trusted
third party (such as Google), which has already confirmed the user’s identity.

SSO can improve security by simplifying username and password management for
users, and it makes logging in faster and easier. It can also reduce helpdesk time
focused on resetting forgotten passwords. Plus, administrators can still centrally
control requirements like MFA and password complexity, and it can be easier to
retire credentials after a user leaves the organization.

One-Time Password

A one-time password (OTP) or one-time PIN (sometimes called a dynamic
password) is an auto-generated password that is valid for one login session or
transaction. OTP is often used for MFA. For instance, a user will start to log in with
their username and password, which then triggers the application to send an OTP to
their registered phone or email. The user can then input that code to complete the
authentication and sign in to their account.

Passwordless Authentication

Passwordless authentication, as the name suggests, doesn’t require a password or
other knowledge-based authentication factor. Typically, the user will enter their ID
and will then be prompted to authenticate through a registered device or token.
Passwordless authentication is often used in conjunction with SSO and MFA to
improve the user experience, reduce IT administration and complexity, and
strengthen security.

Certificate-Based Authentication

Certificate-based authentication (CBA) uses a digital certificate to identify and
authenticate a user, device, or machine. A digital certificate, also known as a public-
key certificate, is an electronic document that stores the public key data, including
information about the key, its owner, and the digital signature verifying the identity.
CBA is often used as part of a two-factor or multi-factor authentication process.

Biometrics

Biometric authentication relies on biometrics like fingerprints, retinal scans, and
facial scans to confirm a user’s identity. To do this, the system must first capture
and store the biometric data. And then when the user goes to log in, they present
their biometric credentials and the system compares them to the biometric data in
their database. If they match, they’re in.

Authentication vs. Authorization

So what’s the difference between authentication and authorization?

Put simply, authentication is the process of verifying a user’s identity, and
authorization is the process of verifying what files, data, and applications that user is
allowed to access. Once a user is authenticated, authorization grants them access to
different levels of information and to perform specific functions based on
predetermined rules established for specific types of users.

For example, sales employees may have access to certain applications and databases
that enable them to do their jobs and collaborate effectively. But they won’t have
access to the backend servers and software that IT uses to manage the company’s
information infrastructure. This security strategy is called least-privilege access (or
formally, principle of least privilege [POLP]), and it ensures users are granted
access only to the information and systems they need to do their jobs—nothing
more, nothing less. This protects the organization’s data by limiting the number of
users who can access confidential information, reducing the surface area for threats.

Organizations can use authentication and authorization as part of a strategic
framework for intelligently controlling access across their systems.

Emerging Authentication Trends

Authentication methods are continually evolving. As security threats become
increasingly complex, we’ll see more and more advanced authentication protocols to
ensure secure access across industries. One of the biggest trends will be in
improving and expanding biometric authentication capabilities.

Statista reports that the global biometric system market is forecast to reach nearly
$43 billion in 2022. And the market is expected to explode in the coming years,
reaching a size of $83 billion by 2027.

Another key area of growth will be in adaptive authentication. This next generation
of MFA relies on artificial intelligence and machine learning to identify additional
user information such as location, time, and device to contextualize the login
attempt and flag suspicious access behavior.

As security threats grow more complex, adaptive MFA measures will be essential
for locking out bad actors.

Securing a Brighter Future

Strong authentication methods are critical to securing your organization and
reducing risks that threaten your future viability. Yet, weak authentication remains a
common vulnerability for information systems.

As the CISA Capacity Enhancement Guide illustrates: “An asset with the weakest
method of authentication becomes a potential path to bypass stronger authentication
for a system that it is connected to. A concrete and steel building with reinforced
doors and sophisticated locks can still easily be entered by intruders if there are
large, open windows.”

Authentication FAQ
Which is the most accurate definition of authentication in cybersecurity?

The most accurate definition of authentication in cybersecurity is the process of
verifying the identity of a user or device before granting access to a system or
resources. This process ensures that the individual or device attempting to gain
access is indeed who or what it claims to be, typically by using credentials such as
passwords, biometrics, or tokens. Authentication is a critical component of security
frameworks, ensuring that only authorized entities can access sensitive information
and systems.

What is the most common method used to authenticate a user’s identity for
today’s computer systems and shared data resources?

The most common method used to authenticate a user’s identity for today’s
computer systems and shared data resources is through the use of passwords.
Password-based authentication is widely adopted due to its simplicity and ease of
implementation. Users create and use a unique password to verify their identity,
which the system checks against stored credentials to grant access.

Types of Authentication Protocols

Authentication protocols are methods or procedures used to verify the identity of a
user, device, or system. These protocols are designed to ensure that only authorized
users or devices are able to access protected resources, and to prevent unauthorized
access or tampering.

Types of Authentication

There are many different types of authentication protocols in use today, each with
its own strengths and weaknesses. Here are some common types of authentication −

 Password-based authentication − This is the most common form of
authentication, in which a user provides a username and password to log in to a
system or access a protected resource. Password-based authentication is relatively
simple to implement, but can be vulnerable to attacks such as dictionary attacks or
brute force attacks.
 Two-factor authentication − This is a type of authentication that requires a user to
provide two forms of identification, such as a password and a security token, to log
in to a system or access a protected resource. Two-factor authentication can provide
an additional layer of security, but may be inconvenient for users and may require
additional infrastructure to support.
 Biometric authentication − This is a type of authentication that uses physical or
behavioral characteristics, such as a fingerprint or facial recognition, to verify the
identity of a user. Biometric authentication can be highly secure, but may be
expensive to implement and may not work well for all users (e.g., due to differences
in physical characteristics).

It is important to choose an appropriate authentication protocol for your specific
needs, taking into account factors such as the level of security required, the type of
resources being protected, and the convenience and cost of implementing the
protocol.

The Most Common Authentication Protocols are:

Kerberos

LDAP

OAuth2

SAML

RADIUS

Kerberos

Kerberos is an authentication protocol that is used to securely identify users and
devices on a network. It is designed to prevent attacks such as eavesdropping and
replay attacks, and to allow users to securely access network resources without
transmitting their passwords over the network.

The Kerberos protocol works by using a trusted third party, known as the Kerberos
authentication server, to verify the identity of users and devices. When a user or
device wants to access a network resource, they request access from the Kerberos
authentication server. The authentication server verifies the user's identity and issues
a ticket granting ticket (TGT) to the user, which can be used to request access to
specific resources on the network.

The user or device can then use the TGT to request access to a specific network
resource from the authentication server. The authentication server verifies the TGT
and issues a service ticket (ST) to the user or device, which can be used to access
the requested resource. The user or device presents the ST to the resource server,
which grants access if the ST is valid.

Lightweight Directory Access Protocol (LDAP)

LDAP (Lightweight Directory Access Protocol) is a network protocol used to access
and manage directory services, such as those provided by Active Directory or
OpenLDAP. LDAP is designed to be a simple, fast, and secure protocol for
accessing directory services over a network.

LDAP directory services are used to store and manage information about users,
devices, and other objects in an organization. This information is organized in a
hierarchical structure, with each object represented by an entry in the directory.
LDAP enables users and applications to access and manipulate this information over
a network using standard commands and protocols.

LDAP is typically used to authenticate users and devices, to look up information
about users and devices, and to manage access to network resources. It is often used
in conjunction with other protocols, such as Kerberos, to provide a complete
solution for authentication and access control.

OAuth2

OAuth2 (Open Authorization 2.0) is an open standard for authorization that enables
users to grant third-party applications access to their resources (such as data or
services) without sharing their passwords. OAuth2 is used to enable secure
authorization from web, mobile, and desktop applications.

The OAuth2 protocol works by allowing a user to grant a third-party application
access to their resources without sharing their password. Instead, the user is
redirected to a login page, where they can grant access to the third-party application
by authenticating with their username and password. The third-party application can
then use an access token to access the user's resources on their behalf.

SAML

SAML (Security Assertion Markup Language) is a standard protocol used to
securely exchange authentication and authorization data between organizations. It is
commonly used to enable single sign-on (SSO) and to provide secure access to
web-based resources.

The SAML protocol works by allowing a user to authenticate with a SAML identity
provider (IdP), which is a system that verifies the user's identity and issues an
assertion (a statement) about the user's identity. The assertion is then provided to a
SAML service provider (SP), which is a system that provides access to a web-based
resource. The SP uses the assertion to grant the user access to the resource without
requiring the user to authenticate again.

RADIUS

RADIUS (Remote Authentication Dial-In User Service) is a networking protocol
used to manage and authenticate users who connect to a network. It is commonly
used to authenticate users who connect to a network using a dial-up connection, but
it can also be used to authenticate users who connect to a network using other
technologies, such as wireless or VPN.

The RADIUS protocol works by allowing a user to authenticate with a RADIUS
server, which is a system that verifies the user's identity and authorizes their access
to the network. When a user attempts to connect to the network, the RADIUS server
receives a request for access and authenticates the user using the user's credentials
(such as a username and password). If the user is authenticated, the RADIUS server
grants access to the network and assigns the user a set of network parameters (such
as an IP address and a subnet mask).

Authentication Applications

What is Kerberos?

Kerberos is a computer network security protocol that authenticates service requests
between two or more trusted hosts across an untrusted network, like the internet.
Initially developed by the Massachusetts Institute of Technology (MIT) for Project
Athena in the late '80s, it's now a default authorization technology in Microsoft
Windows and is also implemented in other operating systems like Apple OS,
FreeBSD, UNIX, and Linux.

How Does Kerberos Work?

Kerberos employs secret-key cryptography and a trusted third party, the Key
Distribution Center (KDC), to authenticate client-server applications and verify user
identities. The KDC provides authentication and ticket-granting services, issuing
"tickets" for secure identity verification. This process uses shared secret
cryptography, protecting against eavesdropping and replay attacks.

What is Kerberos Used For?

Although Kerberos is found everywhere in the digital world, it is employed heavily
on secure systems that depend on reliable auditing and authentication features.
Kerberos is used in POSIX authentication, Active Directory, NFS, and Samba.
It's also an alternative authentication system to SSH, POP, and SMTP.

The main uses of Kerberos include:

Single Sign-On (SSO)

Kerberos enables users to authenticate once and obtain a ticket, known as a
Kerberos ticket-granting ticket (TGT). This TGT can be used to request service
tickets for various resources without repeatedly providing credentials. This SSO
capability improves user convenience and reduces the need for managing multiple
passwords.

Network Authentication

Kerberos provides a secure mechanism for verifying the identity of network
services, such as servers and applications. Clients can request a service ticket from
the Key Distribution Center (KDC) using their TGT, and the service ticket is used to
authenticate and establish a secure session with the requested service.

Mutual Authentication

Kerberos ensures mutual authentication, meaning both the client and the server
authenticate each other during the initial authentication process. This prevents
impersonation and man-in-the-middle attacks by verifying the authenticity of both
parties involved in the communication.

Authorization

Kerberos can also be used to enforce access control policies. Once a client is
authenticated, the Kerberos ticket includes information about the client's identity
and access permissions. Servers can use this information to enforce authorization
rules and grant or deny access to specific resources based on the client's privileges.

What Does Kerberos Authentication Protocol Do?

MIT developed this protocol for a project named Athena. It gets its name from the
three-headed dog of Hades, who guarded hell in Greek Mythology. They chose this
name because the Kerberos protocol represents the following three things:

 Client

 Network Resource (Application server)

 Key Distribution Center (KDC)

With these three components, Kerberos enables trusted host authentication over
untrusted networks. Kerberos ensures that only authorized users can access the
network resources. Additionally, it provides AAA security: Authentication,
Authorization, and Accounting.

MIT developers developed Kerberos to authenticate themselves to their required
systems securely. But Kerberos also authorized the users. The development of
Kerberos happened when most systems transferred unencrypted passwords. That
meant hackers could get unauthorized access. Therefore, the development of Kerberos
was out of necessity.

Its designers were S.P. Miller, B.C. Neuman, J.I. Schiller and J.H. Saltzer.

In Kerberos, the KDC grants tickets. These allow different hosts to prove their
identity. In addition, the developers intended Kerberos authentication to support
authorization. That means a client authenticated by Kerberos also has access.

The Benefits of Kerberos Authentication

Kerberos brings a host of advantages to any cybersecurity setup. Its advantages
include:

 Effective Access Control: Kerberos gives users a single point to keep track of logins
and security policy enforcement.
 Limited Lifetime for Key Tickets: Each Kerberos ticket has a timestamp, lifetime
data, and authentication duration controlled by the administrator.
 Mutual Authentication: Service systems and users can authenticate each other.
 Reusable Authentication: Kerberos user authentication is reusable and durable,
requiring each user to get verified by the system just once. As long as the ticket is in
effect, the user won’t have to keep entering their personal information for
authentication purposes.
 Strong and Diverse Security Measures: Kerberos security authentication protocols
employ cryptography, multiple secret keys, and third-party authorization, creating a
strong, secure defense. Passwords do not get sent over networks, and all secret keys
are encrypted.

Having covered what Kerberos is, let’s check out the Kerberos protocol flow.

How Do Kerberos Authentication Protocols Work?

Below you can see a crude version of how the Kerberos Authentication Protocols
work:

 Authentication Server Request: The client requests authentication from KDC. This
authentication request would be in plain text.
 Authentication Server Response: KDC sends a TGT and a session key if the client
exists in the database. If the client is not in the database, the authentication fails.
 Service Ticket Request: The client asks for the service ticket along with the TGT
sent earlier by the KDC.
 Service Ticket Response: KDC sends the ticket encrypted with the session key. The
client can use the session key sent earlier by KDC to decrypt the service ticket.
 Application Server Request: The client requests the application server for access
using the service ticket. T
 Application Server Response: The application server authenticates the client. It
sends a ticket that will grant access to that particular service.

The service ticket has a specific expiry time. You can use the same session ticket to
access services until it expires. The default lifetime of a Kerberos ticket is 600
minutes.

Kerberos Protocol Flow Overview

Here’s a more detailed look at what Kerberos authentication is all about. We will
also learn how it works by breaking it down into its core components.

Here are the principal entities involved in the typical Kerberos workflow:

 Client: The client acts on behalf of the user and initiates communication for a
service request
 Server: The server hosts the service the user wants to access
 Authentication Server (AS): The AS performs the desired client authentication. If
the authentication happens successfully, the AS issues the client a ticket called TGT
(Ticket Granting Ticket). This ticket assures the other servers that the client is
authenticated
 Key Distribution Center (KDC): In a Kerberos environment, the authentication
server is logically separated into three parts: A database (db), the Authentication
Server (AS), and the Ticket Granting Server (TGS). These three parts, in turn, exist
in a single server called the Key Distribution Center
 Ticket Granting Server (TGS): The TGS is an application server that issues service
tickets as a service

Now let's break down the protocol flow.

First, there are three crucial secret keys involved in the Kerberos flow. There are
unique secret keys for the client/user, the TGS, and the server shared with the AS.

 Client/user: Hash derived from the user's password
 TGS secret key: Hash of the password employed in determining the TGS
 Server secret key: Hash of the password used to determine the server providing the
service.

The protocol flow consists of the following steps:

Step 1: Initial client authentication request: The user asks for a Ticket Granting
Ticket (TGT) from the authentication server (AS). This request includes the client
ID.

Step 2: KDC verifies the client's credentials. The AS checks the database for the
client and TGS's availability. If the AS finds both values, it generates a client/user
secret key, employing the user's password hash.

The AS then computes the TGS secret key and creates a session key (SK1)
encrypted by the client/user secret key. The AS then generates a TGT containing the
client ID, client network address, timestamp, lifetime, and SK1. The TGS secret key
then encrypts the ticket.

Step 3: The client decrypts the message. The client uses the client/user secret key to
decrypt the message and extract the SK1 and TGT, generating the authenticator that
validates the client's TGS.

Step 4: The client uses TGT to request access. The client requests a ticket from the
server offering the service by sending the extracted TGT and the created
authenticator to TGS.

Step 5: The KDC creates a ticket for the file server. The TGS then uses the TGS
secret key to decrypt the TGT received from the client and extracts the SK1. The
TGS decrypts the authenticator and checks to see if it matches the client ID and
client network address. The TGS also uses the extracted timestamp to make sure the
TGT hasn't expired.

If the process conducts all the checks successfully, then the KDC generates a service
session key (SK2) that is shared between the client and the target server.

Finally, the KDC creates a service ticket that includes the client id, client network
address, timestamp, and SK2. This ticket is then encrypted with the server's secret
key obtained from the db. The client receives a message containing the service
ticket and the SK2, all encrypted with SK1.

Step 6: The client uses the file ticket to authenticate. The client decrypts the
message using SK1 and extracts SK2. This process generates a new authenticator
containing the client network address, client ID, and timestamp, encrypted with
SK2, and sends it and the service ticket to the target server.

Step 7: The target server receives decryption and authentication. The target server
uses the server's secret key to decrypt the service ticket and extract the SK2. The
server uses SK2 to decrypt the authenticator, performing checks to make sure the
client ID and client network address from the authenticator and the service ticket
match. The server also checks the service ticket to see if it's expired.

Once the checks are met, the target server sends the client a message verifying that
the client and the server have authenticated each other. The user can now engage in
a secure session.
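
The seven steps above as a runnable simulation, added here as an illustration and not taken from the original notes or from any Kerberos implementation. The SHA-256 keystream cipher, the unsalted password hash, and the principal names, passwords and addresses are constructed stand-ins, and the timestamp-plus-one reply in step 7 is an assumed form for the server's confirmation message.

```python
import hashlib
import hmac
import json
import os

LIFETIME = 600 * 60   # seconds; the 600-minute default ticket lifetime quoted above

def kdf(password):
    """Toy 'hash derived from the password' (an assumption; not a real string-to-key)."""
    return hashlib.sha256(password.encode()).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a shared secret key (toy cipher)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob):
    """Decrypt a sealed message; fails unless the caller holds the right key."""
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

# KDC database: one secret key per principal (constructed names and passwords).
DB = {"alice": kdf("alice-password"), "tgs": kdf("tgs-secret"),
      "fileserver": kdf("fileserver-secret")}

def ticket(key, client, addr, now, session_key):
    return seal(key, {"client": client, "addr": addr, "ts": now,
                      "life": LIFETIME, "sk": session_key.hex()})

def check(tkt, auth, now):
    """The checks both the TGS (step 5) and the target server (step 7) perform."""
    if (auth["client"], auth["addr"]) != (tkt["client"], tkt["addr"]):
        raise ValueError("authenticator does not match ticket")
    if now > tkt["ts"] + tkt["life"]:
        raise ValueError("ticket expired")

def as_exchange(client, addr, now):
    """Steps 1-2: the AS looks up the client and returns SK1 plus the TGT."""
    if client not in DB:
        raise ValueError("unknown client")
    sk1 = os.urandom(32)
    tgt = ticket(DB["tgs"], client, addr, now, sk1)        # readable only by the TGS
    return seal(DB[client], {"sk1": sk1.hex(), "tgt": tgt})

def tgs_exchange(tgt, authenticator, service, now):
    """Step 5: the TGS validates TGT and authenticator, then issues SK2 and a ticket."""
    t = unseal(DB["tgs"], tgt)
    sk1 = bytes.fromhex(t["sk"])
    check(t, unseal(sk1, authenticator), now)
    sk2 = os.urandom(32)
    st = ticket(DB[service], t["client"], t["addr"], now, sk2)
    return seal(sk1, {"sk2": sk2.hex(), "ticket": st})

def server_accept(service, st, authenticator, now):
    """Step 7: the target server validates the ticket and proves it knows SK2."""
    t = unseal(DB[service], st)
    sk2 = bytes.fromhex(t["sk"])
    auth = unseal(sk2, authenticator)
    check(t, auth, now)
    return seal(sk2, {"ts": auth["ts"] + 1})

def client_login(client, password, addr, service, now):
    """Client side of steps 1-7; the password is never sent to any other function."""
    msg = unseal(kdf(password), as_exchange(client, addr, now))          # step 3
    sk1, tgt = bytes.fromhex(msg["sk1"]), msg["tgt"]
    me = {"client": client, "addr": addr, "ts": now}
    reply = unseal(sk1, tgs_exchange(tgt, seal(sk1, me), service, now))  # steps 4-6
    sk2 = bytes.fromhex(reply["sk2"])
    proof = unseal(sk2, server_accept(service, reply["ticket"], seal(sk2, me), now))
    return {"mutual_ok": proof["ts"] == now + 1, "sk1": sk1, "tgt": tgt}

if __name__ == "__main__":
    print(client_login("alice", "alice-password", "10.0.0.5", "fileserver", 1000)["mutual_ok"])
```

A wrong password fails at step 3 because the client cannot decrypt the AS reply, and a TGT replayed after its lifetime or from a different network address is rejected by `check`.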

Having come this far in learning what Kerberos is, let us next ask whether
Kerberos is infallible.

Kerberos Objects Concepts and Terms

Most goals of Kerberos deal with password management. It ensures that passwords
do not get transmitted over the network. They will not be on the client systems; the
system will discard them immediately after use. Passwords should not be in plain
text while storing. And each session must use only one password.

Additionally, all authentication information will be in a centralized server. That
means

 An administrator can restrict access of any client from a centralized server.
 A single user password can access all the services.
 Protecting user information becomes less complicated as you only have to secure
one server.

In Kerberos, all entities must authenticate to each other upon prompt.

The following entities use Kerberos protocols:

 Kerberos Principals: They represent a unique ID assigned to the ticket. It is the same
as the user ID for most users. Kerberos identifies a principal with the following
information:
o For users: it is the username; for hosts: the word host. And for services, the principal
is the name of the service.
o An optional identifier that specifies the hostname
o The name of the Kerberos realm in which the Kerberos server operates.
 Kerberos Application Servers: They provide access to the resources clients need.
 Kerberos KDC: This entity provides access to the resources, such as terminal
emulation and remote computing.
1. Kerberos Database: This database has the record of each principal. It is a centralized
repository of Kerberos and contains the identification of clients and their access.
2. Kerberos Authentication Service: This service grants the Ticket Granting Ticket
(TGT) for clients.
3. Kerberos Ticket Granting Service: This service authenticates the clients based on
the TGT.

After authentication, the user gets an authentication ticket. The client can use the
authentication ticket to get tickets for accessing application services.

Kerberos vs. Other Network Authentication Protocols

There are other authentication protocols besides Kerberos; you can read them
below.

Kerberos vs. Microsoft New Technology LAN Manager (NTLM)

NTLM by Microsoft is the former technology used by Windows. From Windows
2000, all editions use Kerberos. In addition, NTLM used a challenge-response
authentication. Here, the server asks a question, and the client must answer.

Kerberos vs. Lightweight Directory Access Protocol (LDAP)

Using LDAP, you can maintain information about users. Moreover, you can find
Kerberos and LDAP on one network: LDAP provides authorization service, and
Kerberos authenticates.

Kerberos vs. Remote Authentication Dial-in User Service (RADIUS)

Its goal was to allow dial-in users to access Internet Service Providers remotely.
However, network services use it for accounting and authenticating along with
Kerberos.

Is Kerberos Secure?

Now, you know the answer to the question, "What is Kerberos?". You might be
wondering if it is secure.

Security practitioners worldwide consider Kerberos to be secure. It has strong
encryption to secure data. However, security researchers have found a few ways to
defeat Kerberos.

 Pass-the-key attack: Attackers impersonate clients by using their credentials.
 Pass-the-ticket attack: Attackers use the ticket when KDC sends the session ticket.
 Golden ticket attack: Attackers use Windows domain controllers to create client
credentials.

Can Kerberos be Hacked?

No security measure is 100% impregnable, and Kerberos is no exception. Since it's
been around for so long, hackers have had the opportunity over the years to find
ways around it, usually by forging tickets, making repeated attempts to guess
passwords (brute force/credential stuffing), and using malware to downgrade the
encryption.

Despite this, Kerberos is still the best security access protocol available today. The
protocol is flexible enough to employ more robust encryption algorithms to help
combat new threats, and if users practice good password choice policies, you should
be fine!

X.509 Authentication Service

X.509 is a digital certificate that is built on top of a widely trusted standard known
as ITU or International Telecommunication Union X.509 standard, in which the
format of PKI certificates is defined. X.509 digital certificate is a certificate-based
authentication security framework that can be used for providing secure transaction
processing and private information. These are primarily used for handling the
security and identity in computer networking and internet-based communications.

Working of X.509 Authentication Service Certificate:

The core of the X.509 authentication service is the public key certificate connected
to each user. These user certificates are assumed to be produced by some trusted
certification authority and positioned in the directory by the user or the certified
authority. These directory servers are only used for providing an effortless reachable
location for all users so that they can acquire certificates. X.509 standard is built on
an IDL known as ASN.1. With the help of Abstract Syntax Notation, the X.509
certificate format uses an associated public and private key pair for encrypting and
decrypting a message.

Once an X.509 certificate is provided to a user by the certified authority, that
certificate is attached to it like an identity card. The chances of someone stealing it
or losing it are less, unlike other unsecured passwords. With the help of this
analogy, it is easier to imagine how this authentication works: the certificate is
basically presented like an identity at the resource that requires authentication.

Public Key certificate use

Format of X.509 Authentication Service Certificate:


Generally, the certificate includes the elements given below:

 Version number: It defines the X.509 version that concerns the certificate.
 Serial number: It is the unique number that the certified authority issues.
 Signature Algorithm Identifier: This is the algorithm that is used for signing the
certificate.
 Issuer name: Tells about the X.500 name of the certified authority which signed
and created the certificate.
 Period of Validity: It defines the period for which the certificate is valid.
 Subject Name: Tells about the name of the user to whom this certificate has been
issued.
 Subject’s public key information: It defines the subject’s public key along with
an identifier of the algorithm for which this key is supposed to be used.
 Extension block: This field contains additional standard information.
 Signature: This field contains the hash code of all other fields which is encrypted
by the certified authority private key.
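
The field list above as a sign-and-verify walk-through, added here as an illustration and not taken from the original notes or from any PKI library. JSON stands in for the ASN.1/DER encoding, the CA key is a toy RSA key built from two Mersenne primes with no padding, and every name, date and key value in the sample certificate is constructed.

```python
import hashlib
import json

# Toy CA key pair from two well-known Mersenne primes: trivially factorable,
# for illustration only (an assumption of this example, not a usable key).
P, Q = 2**127 - 1, 2**521 - 1
CA_N, CA_E = P * Q, 65537
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))      # CA private exponent (Python 3.8+)

# The signed fields, in the order the list above gives them.
SIGNED_FIELDS = ("version", "serial", "signature_algorithm", "issuer",
                 "not_before", "not_after", "subject",
                 "subject_public_key_info", "extensions")

def fields_digest(cert):
    """Hash of all fields except the signature, over a canonical encoding."""
    body = {name: cert[name] for name in SIGNED_FIELDS}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big")

def ca_issue(fields):
    """CA side: transform the digest with the CA private key and append it."""
    cert = dict(fields)
    cert["signature"] = pow(fields_digest(cert), CA_D, CA_N)
    return cert

def verify(cert, trusted_cas, today):
    """Relying-party side. Returns (accepted, reason)."""
    missing = [f for f in SIGNED_FIELDS + ("signature",) if f not in cert]
    if missing:
        return False, "missing fields: " + ", ".join(missing)
    ca_key = trusted_cas.get(cert["issuer"])
    if ca_key is None:
        return False, "issuer is not a trusted CA"
    n, e = ca_key
    # Undo the CA's private-key operation with its public key and compare hashes.
    if pow(cert["signature"], e, n) != fields_digest(cert):
        return False, "signature does not match certificate fields"
    # ISO 8601 dates compare correctly as strings.
    if not cert["not_before"] <= today <= cert["not_after"]:
        return False, "outside period of validity"
    return True, "ok"

# Constructed trust store and certificate contents.
TRUSTED_CAS = {"CN=Example Toy CA": (CA_N, CA_E)}
SAMPLE_FIELDS = {
    "version": 3,
    "serial": 4096,
    "signature_algorithm": "toy-rsa-sha256",
    "issuer": "CN=Example Toy CA",
    "not_before": "2024-01-01",
    "not_after": "2026-01-01",
    "subject": "CN=bob.example",
    "subject_public_key_info": {"algorithm": "rsa", "key": "constructed-placeholder"},
    "extensions": {"key_usage": ["digitalSignature"]},
}

if __name__ == "__main__":
    cert = ca_issue(SAMPLE_FIELDS)
    print(verify(cert, TRUSTED_CAS, "2025-06-01"))
    print(verify(dict(cert, subject="CN=mallory.example"), TRUSTED_CAS, "2025-06-01"))
```

Changing any signed field, including the validity dates, changes the digest, so the relying party rejects the certificate without needing to contact the CA.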

Applications of X.509 Authentication Service Certificate:

Many protocols depend on X.509 and it has many applications, some of them are
given below:

 Document signing and Digital signature
 Web server security with the help of Transport Layer Security (TLS)/Secure Sockets
Layer (SSL) certificates
 Email certificates
 Code signing
 Secure Shell Protocol (SSH) keys
 Digital Identities

UNIT IV E-MAIL AND IP SECURITY

Introduction to Electronic Mail


Introduction:
Electronic mail, commonly known as email, is a method of exchanging
messages over the internet. Here are the basics of email:

1. An email address: This is a unique identifier for each user, typically in the format of
username@example.com.
2. An email client: This is a software program used to send, receive and manage
emails, such as Gmail, Outlook, or Apple Mail.
3. An email server: This is a computer system responsible for storing and forwarding
emails to their intended recipients.

To send an email:

1. Compose a new message in your email client.
2. Enter the recipient’s email address in the “To” field.
3. Add a subject line to summarize the content of the message.
4. Write the body of the message.
5. Attach any relevant files if needed.
6. Click “Send” to deliver the message to the recipient’s email server.
7. Emails can also include features such as cc (carbon copy) and bcc (blind carbon
copy) to send copies of the message to multiple recipients, and reply, reply all, and
forward options to manage the conversation.

Electronic Mail (e-mail) is one of the most widely used services of the Internet. This
service allows an Internet user to send a message in a formatted manner (mail) to
another Internet user in any part of the world. A message in mail can contain not only
text but also images, audio and video data. The person who sends the mail is called
the sender and the person who receives it is called the recipient. It is just like the
postal mail service.

Components of E-Mail System : The basic components of an email system are : User
Agent (UA), Message Transfer Agent (MTA), Mail Box, and Spool file. These are
explained below.

1. User Agent (UA) : The UA is normally a program which is used to send and
receive mail. Sometimes it is called a mail reader. It accepts a variety of commands
for composing, receiving and replying to messages as well as for manipulating the
mailboxes.
2. Message Transfer Agent (MTA) : The MTA is responsible for the transfer of mail
from one system to another. To send mail, a system must have a client MTA and a
system MTA. It transfers mail to the mailboxes of recipients if they are connected to
the same machine. It delivers mail to a peer MTA if the destination mailbox is on
another machine. The delivery from one MTA to another MTA is done by the Simple
Mail Transfer Protocol.
3. Mailbox : It is a file on the local hard drive that collects mail. Delivered mail is
present in this file. The user can read it or delete it according to his/her requirement.
To use the e-mail system, each user must have a mailbox. Access to a mailbox is
restricted to its owner.
4. Spool file : This file contains mail that is to be sent. The user agent appends
outgoing mail to this file using SMTP. The MTA extracts pending mail from the spool
file for delivery. E-mail allows one name, an alias, to represent several different
e-mail addresses. This is known as a mailing list. Whenever a user has to send a
message, the system checks the recipient’s name against the alias database. If a
mailing list is present for the defined alias, separate messages, one for each entry in
the list, must be prepared and handed to the MTA. If no mailing list is present for the
defined alias, the name itself becomes the naming address and a single message is
delivered to the mail transfer entity.

Services provided by E-mail system :

 Composition – Composition refers to the process of creating messages and answers.
Any kind of text editor can be used for composition.
 Transfer – Transfer means the procedure of sending mail, i.e. from the sender to the
recipient.
 Reporting – Reporting refers to confirmation of mail delivery. It helps users
check whether their mail was delivered, lost or rejected.
 Displaying – It refers to presenting mail in a form that the user can understand.
 Disposition – This step concerns what the recipient does after receiving the mail,
i.e. save it, delete it before reading, or delete it after reading.

Advantages Or Disadvantages:
Advantages of email:

1. Convenient and fast communication with individuals or groups globally.
2. Easy to store and search for past messages.
3. Ability to send and receive attachments such as documents, images, and videos.
4. Cost-effective compared to traditional mail and fax.
5. Available 24/7.

Disadvantages of email:

1. Risk of spam and phishing attacks.
2. Overwhelming amount of emails can lead to information overload.
3. Can lead to decreased face-to-face communication and loss of personal touch.
4. Potential for miscommunication due to lack of tone and body language in written
messages.
5. Technical issues, such as server outages, can disrupt email service.

It is important to use email responsibly and effectively, for example, by keeping the
subject line clear and concise, using proper etiquette, and protecting against security
threats.

What is email security?

Email security is the process of preventing email-based cyber attacks and unwanted
communications. It spans protecting inboxes from takeover, protecting domains
from spoofing, stopping phishing attacks, preventing fraud, blocking malware
delivery, filtering spam, and using encryption to protect the contents of emails from
unauthorized persons.

Security and privacy were not built into email when it was first invented, and
despite email's importance as a communication method, these are still not built into
email by default. As a result, email is a major attack vector for organizations large
and small, and for individual people as well.

What kinds of attacks occur via email?

Some of the common types of email attacks include:

 Fraud: Email-based fraud attacks can take a variety of forms, from the classic
advance-fee scams directed at everyday people to business email compromise
(BEC) messages that aim to trick large enterprise accounting departments into
transferring money to illegitimate accounts. Often the attacker will use domain
spoofing to make the request for funds look like it comes from a legitimate source.
 Phishing: A phishing attack tries to get the victim to give the attacker sensitive
information. Email phishing attacks may direct users to a fake webpage that collects
credentials, or simply pressure the user to send the information to an email address
secretly controlled by the attacker. Domain spoofing is also common in attacks like
these.
 Malware: Types of malware delivered over email include spyware, scareware,
adware, and ransomware, among others. Attackers can deliver malware via email in
several different ways. One of the most common is including an email attachment
that contains malicious code.
 Account takeover: Attackers take over email inboxes from legitimate users for a
variety of purposes, such as monitoring their messages, stealing information, or
using legitimate email addresses to forward malware attacks and spam to their
contacts.
 Email interception: Attackers can intercept emails in order to steal the information
they contain, or to carry out on-path attacks in which they impersonate both sides of
a conversation to each other. The most common method for doing this is monitoring
network data packets on wireless local area networks (LANs), as intercepting an
email as it transits the Internet is extremely difficult.

Email domain spoofing


Email domain spoofing is important in several types of email-based attacks, as it
allows attackers to send messages from legitimate-seeming addresses. This
technique allows attackers to send an email with a forged "from" address. For
example, if Chuck wants to trick Bob with an email, Chuck might send Bob an
email from the domain "@trustworthy-bank.com," even though Chuck does not
really own the domain "trustworthy-bank.com" or represent that organization.
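
A triage check for the forged "from" address described above, added here as an illustration and not taken from the original notes or from any mail product. Comparing the From domain with the Return-Path and Reply-To domains is an assumed heuristic, and the sample messages, the chuck.example domain and the finding labels are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """True when the domains are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoofing_indicators(raw_message, protected_domains):
    """Return a list of header inconsistencies that suggest a forged From address."""
    msg = message_from_string(raw_message)
    from_header = msg.get("From", "")
    display_name = parseaddr(from_header)[0].lower()
    from_domain = domain_of(from_header)
    if not from_domain:
        return ["no-from-address"]
    findings = []
    # The visible From address should agree with where bounces and replies go.
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        other = domain_of(msg.get(header))
        if other and not aligned(other, from_domain):
            findings.append(label)
    # A protected domain shown in the display name but absent from the address.
    for protected in protected_domains:
        if protected in display_name and not aligned(from_domain, protected):
            findings.append("display-name-impersonation")
    return findings

PROTECTED = ["trustworthy-bank.com"]

# Constructed sample messages.
SPOOFED = "\n".join([
    "Return-Path: <bounce@mailer.chuck.example>",
    'From: "Trustworthy Bank" <alerts@trustworthy-bank.com>',
    "Reply-To: chuck@chuck.example",
    "To: bob@example.org",
    "Subject: Verify your account",
    "",
    "Please confirm your details.",
])
LEGITIMATE = "\n".join([
    "Return-Path: <bounces@mail.trustworthy-bank.com>",
    "From: alerts@trustworthy-bank.com",
    "To: bob@example.org",
    "Subject: Your statement is ready",
    "",
    "Log in to view it.",
])
DISPLAY_NAME_TRICK = "\n".join([
    "Return-Path: <help@chuck.example>",
    'From: "trustworthy-bank.com Security" <help@chuck.example>',
    "To: bob@example.org",
    "Subject: Security alert",
    "",
    "Action required.",
])

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE),
                      ("display name", DISPLAY_NAME_TRICK)):
        print(name, spoofing_indicators(raw, PROTECTED))
```

An empty result only means these headers are consistent with each other; a sender who forges all of them alike passes this check, so it is a triage signal rather than proof of origin.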

What is a phishing attack?

Phishing is an attempt to steal sensitive data, typically in the form of usernames,
passwords, or other important account information. The phisher either uses the
stolen information themselves, for instance to take over the user's accounts with
their password, or sells the stolen information.

Phishing attackers disguise themselves as a reputable source. With an enticing or
seemingly urgent request, an attacker lures the victim into providing information,
just as a person uses bait while fishing.

Phishing often takes place over email. Phishers either try to trick people into
emailing information directly, or link to a webpage they control that is designed to
look legitimate (for instance, a fake login page where the user enters their
password).

There are several types of phishing:

 Spear phishing is highly targeted and often personalized to be more convincing.


 Whaling targets important or influential persons within an organization, such as
executives. This is a major threat vector in enterprise email security.
 Non-email phishing attacks include vishing (phishing via phone call), smishing
(phishing via text message), and social media phishing.

An email security strategy can include several approaches for blocking phishing
attacks. Email security solutions can filter out emails from known bad IP addresses.
They can block or remove links embedded within emails to stop users from
navigating to phishing webpages. Or, they can use DNS filtering to block these
webpages. Data loss prevention (DLP) solutions can also block or redact outgoing
messages containing sensitive information.

Finally, an organization's employees should receive training on how to recognize a
phishing email.

How are email attachments used in attacks?


Email attachments are a valuable feature, but attackers use this email capability to
send malicious content to their targets, including malware.

One way they can do this is by simply attaching the malicious software as an .exe
file, then tricking the recipient into opening the attachment. A far more common
approach is to conceal malicious code within an innocent-seeming document, like a
PDF or a Word file. Both these file types support the inclusion of code — such as
macros — that attackers can use to perform some malicious action on the recipient's
computer, like downloading and opening malware.

Many ransomware infections in recent years have started with an email attachment.
For example:

 Ryuk ransomware often enters a network through a TrickBot or Emotet infection,
both of which spread via email attachments
 Maze ransomware uses email attachments to gain a foothold within the victim's
network
 Petya ransomware attacks also usually started out with an email attachment

Part of email security involves blocking or neutralizing these malicious email
attachments; this can involve scanning all emails with anti-malware to identify
malicious code. In addition, users should be trained to ignore unexpected or
unexplained email attachments. For web-based email clients, browser isolation can
also help nullify these attacks, as the malicious attachment is downloaded in a
sandbox separate from the user's device.

What is spam?

Spam is a term for unwanted or inappropriate email messages, sent without the
recipient's permission. Almost all email providers offer some degree of spam
filtering. But inevitably, some spam messages still reach user inboxes.

Spammers gain a bad "email sender reputation"* over time, leading to more and
more of their messages getting marked as spam. For this reason they are often
motivated to take over user inboxes, steal IP address space, or spoof domains in
order to send spam that is not detected as spam.

Individuals and organizations can take several approaches to cut down on the spam
they receive. They can reduce or eliminate public listings of their email addresses.
They can implement a third-party spam filter on top of the filtering provided by
their email service. And they can be consistent about marking spam emails as spam,
in order to better train the filtering they do have.

*If a large percentage of a sender’s emails are unopened or marked as spam by
recipients, or if a sender’s messages bounce too much, ISPs and email services
downgrade their email sender reputation.

How do attackers take over email accounts?

Attackers can use a stolen inbox for a wide range of purposes, including sending
spam, initiating phishing attacks, distributing malware, harvesting contact lists, or
using the email address to steal more of the user's accounts.

They can use a number of methods to break into an email account:

 Purchasing lists of previously stolen credentials: There have been many personal
data breaches over the years, and lists of stolen username/password credentials
circulate widely on the dark web. An attacker can purchase such a list and use the
credentials to break into users' accounts, often via credential stuffing.
 Brute force attacks: In a brute force attack, an attacker loads a login page and uses
a bot to rapidly guess a user's credentials. Rate limiting and limits on password entry
effectively stop this method.
 Phishing attacks: The attacker may have conducted a previous phishing attack to
obtain the user's email account login credentials.
 Web browser infections: Similar to an on-path attack, a malicious party can infect
a user's web browser in order to see all the information they enter on webpages,
including their email username and password.
 Spyware: The attacker may have already infected the user's device and installed
spyware to track everything they type, including their email username and
password.

Using multi-factor authentication (MFA) instead of single-factor password
authentication is one way to protect inboxes from compromise. Enterprises may also
want to require their users to go through a single sign-on (SSO) service instead of
logging directly into email.

How does encryption protect email?

Encryption is the process of scrambling data so that only authorized parties can
unscramble and read it. Encryption is like putting a sealed envelope around a letter
so that only the recipient can read the letter's contents, even though any number of
parties will handle the letter as it goes from sender to recipient.

Encryption is not built into email automatically; this means sending an email is like
sending a letter with no envelope protecting its contents. Because emails often
contain personal and confidential data, this can be a big problem.

Just as a letter does not instantly go from one person to another, emails do not go
straight from the sender to the recipient. Instead, they traverse multiple connected
networks and are routed from mail server to mail server until they finally reach the
recipient. Anyone in the middle of this process could intercept and read the email if
it is not encrypted, including the email service provider. However, the most likely
place for an email to be intercepted is close to the origin of the email, via a
technique called packet sniffing (monitoring data packets on a network).

Encryption is like putting a sealed envelope around an email. Most email encryption
works by using public key cryptography. Some email encryption is
end-to-end; this protects email contents from the email service provider, in addition
to any external parties.

How do DNS records help prevent email attacks?

The Domain Name System (DNS) stores public records about a domain, including
that domain's IP address. The DNS is essential for enabling users to connect to
websites and send emails without memorizing long alphanumeric IP addresses.

There are specialized types of DNS records that help ensure emails are from a
legitimate source, not an impersonator: SPF records, DKIM records, and DMARC
records. Email service providers check emails against all three of these records to
see if they are from the place they claim to be from and have not been altered in
transit.
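How a receiving system can act on the SPF, DKIM and DMARC checks described above, as an added example that is not part of the original notes: it reads the `Authentication-Results` header that the receiving mail server stamps on each message. The host name `mx.recipient.example`, the function names and the three sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the identifier our own receiving mail server writes into the header.
TRUSTED_AUTHSERV = "mx.recipient.example"

def auth_results(msg):
    """Collect spf/dkim/dmarc results, but only from headers our own server added."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can write this header too, so foreign stamps are ignored
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def assess(raw_message):
    """Return (From domain, check results, verdict) for one raw message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = auth_results(msg)
    if results.get("dmarc") == "pass":
        verdict = "accept"
    elif results.get("dmarc") == "fail":
        verdict = "reject-or-quarantine"  # the domain owner's DMARC record picks which
    else:
        verdict = "unverified"            # no trustworthy result: treat with suspicion
    return from_domain, results, verdict

def sample(auth_results_value):
    """Build a constructed message that claims to come from trustworthy-bank.com."""
    return ("Authentication-Results: " + auth_results_value + "\n"
            "From: Trustworthy Bank <alerts@trustworthy-bank.com>\n"
            "Subject: Action required\n\nConstructed body.\n")

# Constructed samples. LEGIT really comes from the bank's servers.
LEGIT = sample("mx.recipient.example; spf=pass smtp.mailfrom=trustworthy-bank.com; "
               "dkim=pass header.d=trustworthy-bank.com; "
               "dmarc=pass header.from=trustworthy-bank.com")
# SPOOFED: SPF passes for the sending server's own domain, but the visible From
# domain is someone else's, so DMARC fails.
SPOOFED = sample("mx.recipient.example; spf=pass smtp.mailfrom=bulk-mailer.example; "
                 "dkim=none; dmarc=fail header.from=trustworthy-bank.com")
# FORGED_STAMP: the header was written by the sender, not by our server.
FORGED_STAMP = sample("mx.sender-controlled.example; spf=pass; dkim=pass; dmarc=pass")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED), ("forged", FORGED_STAMP)):
        print(name, assess(raw))
```

The second sample shows why SPF alone is not enough against domain spoofing: it only vouches for the server that sent the message, while DMARC ties the result to the domain shown in the From line.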

The Cloudflare Email DNS Security Wizard helps domain owners quickly and
correctly configure these crucial DNS records.

How can phishing attacks be stopped?

Many email providers have some built-in phishing protection (and the DNS records
listed above are usually one of the signals they look at for blocking phishing
attempts). However, phishing emails still regularly get through to user inboxes.
Many organizations employ additional phishing protection to better defend their
users and networks.

Cloudflare Area 1 Email Security offers cloud-based phishing protection. Cloudflare
Area 1 discovers phishing infrastructure in advance and analyzes traffic patterns to
correlate attacks and identify phishing campaigns.

PGP – Authentication and Confidentiality


Last Updated : 23 May, 2024


In 2013, when the NSA (United States National Security Agency) scandal was leaked
to the public, people started to opt for services that could provide strong privacy
for their data. Among the services people opted for, particularly for email,
were different plug-ins and extensions for their browsers. Interestingly, among the
various plug-ins and extensions that people started to use, two main programs were
solely responsible for the complete email security that people needed. One was
S/MIME, which we will see later, and the other was PGP.

What is PGP?

Pretty Good Privacy (PGP) is an encryption software program designed to
ensure the confidentiality, integrity, and authenticity of digital communications and
information. Developed by Phil Zimmermann in 1991, PGP has emerged
as a cornerstone of present-day cryptography, widely regarded as one of the best
methods for securing digital data.

At its core, PGP employs a hybrid cryptographic method, combining symmetric-key
and public-key cryptography techniques. Symmetric-key cryptography entails the
use of a single secret key to both encrypt and decrypt data. Conversely,
public-key cryptography uses a pair of mathematically related keys: a public
key, which is freely shared and used for encryption, and a private key, which is kept
secret and used for decryption.

Evolution and Advancement of Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) has undergone extensive evolution and advancement
since its inception in 1991. Developed by Phil Zimmermann, PGP
was initially conceived as a tool to enable secure communication and protect
individual privacy in the face of growing concerns about government
surveillance and data interception.

1. Early Development (1991-1996): PGP was first released as freeware,
allowing users to encrypt and decrypt email messages and files using public-key
cryptography. This early version of PGP used the RSA algorithm for public-key
encryption and the IDEA cipher for symmetric-key encryption. Despite its
groundbreaking capabilities, PGP faced legal challenges due to export
regulations on cryptographic software.

2. International Expansion and Standardization (1996-2000): In 1997, PGP
was acquired by Network Associates Inc. (NAI), which
continued its development and expanded its international presence. During this
period, PGP became a de facto standard for email encryption and digital
signatures, with support for multiple platforms and email clients. The
OpenPGP standard, based on the original PGP protocol, was
established to ensure interoperability and compatibility among different
implementations of PGP.

3. Open Source Development (2000-Present): In response to concerns about the
proprietary nature of PGP and the need for transparency and security, the OpenPGP
Working Group was formed to develop an open-source version of PGP. This
led to the creation of GnuPG (GNU Privacy Guard), an open-source implementation
of the OpenPGP standard. GnuPG remains actively maintained and widely used as a
free alternative to commercial PGP software.

4. Modernization and Integration (2000s-Present): PGP has continued to evolve in
response to technological advances and changing security requirements.
Modern versions of PGP provide enhanced features such as support for elliptic
curve cryptography (ECC), improved key management, integration with
cloud storage services, and compatibility with mobile devices. Additionally, PGP
has been integrated into various encryption tools, secure email clients, and
enterprise security solutions, expanding its utility and reach.

The following are the services offered by PGP:

1. Authentication

2. Confidentiality

3. Email Compatibility

4. Segmentation

Authentication in PGP

Authentication basically means something that is used to validate something as true
or real. When we log in to a site by giving our account name and
password, that is an authentication procedure.

In the email world, checking the authenticity of an email means checking
whether it actually came from the person it claims to come from. Authentication has to be
checked in email because some people send spoofed emails or spam, which
can cause a lot of inconvenience. The authentication service in PGP is
provided as follows:

[Figure: Authentication in PGP]

As shown in the above figure, the hash function (H) calculates the hash value of
the message. SHA-1 is used for hashing, and it produces a 160-bit
output hash value. The hash value is then encrypted using the sender’s private key (KPa),
and the result is called the digital signature. The message is then appended to the
signature. The process up to this point is sometimes described as signing the message. Then
the message is compressed to reduce the transmission overhead and is sent over to
the receiver.

At the receiver’s end, the data is decompressed and the message and signature are
obtained. The signature is then decrypted using the sender’s public key (PUa) and the
hash value is obtained. The message is again passed to the hash function and its hash
value is calculated.

The two values, one from the signature and the other from the fresh output of the hash
function, are compared. If both are the same, the email was actually sent
by a known sender and is legitimate; otherwise it is not legitimate.

2. Confidentiality in PGP

Sometimes we see packages labelled ‘Confidential’, which means that
those packages are not meant for everyone and only selected persons can see
them. The same applies to email confidentiality. In the email
service, only the sender and the receiver should be able to read the message, which
means the contents have to be kept secret from every other person except those
two.

PGP provides that Confidentiality service in the following manner:


[Figure: Confidentiality in PGP]

Then, the session key (Ks) itself gets encrypted through public key encryption (EP)
using the receiver’s public key (KUb). Both the encrypted entities are now concatenated
and sent to the receiver.

As you can see, the original message was compressed and then encrypted initially,
so even if anyone gets hold of the traffic, they cannot read the contents
because they are not in readable form; they could read them only if they had the session
key (Ks). Even though the session key is transmitted to the receiver, and hence is in the
traffic, it is in encrypted form and only the receiver’s private key (KPb) can be used
to decrypt it, and thus our message would be completely safe.

At the receiver’s end, the encrypted key is decrypted using KPb and the message is
decrypted with the obtained session key. Then, the message is decompressed to
obtain M.

The RSA algorithm is used for the public-key encryption, and for the symmetric key
encryption, CAST-128 (or IDEA or 3DES) is used.

In practice, both the Authentication and Confidentiality services are provided in
parallel as follows:

[Figure: Authentication and Confidentiality services in PGP]

Note:

M – Message

H – Hash Function

Ks – A random Session Key created for Symmetric Encryption purpose

DP – Public-Key Decryption Algorithm

EP – Public-Key Encryption Algorithm


DC – Asymmetric Decryption Algorithm

EC – Symmetric Encryption Algorithm

KPb – A private key of user B used in Public-key encryption process

KPa – A private key of user A used in Public-key encryption process

PUa – A public key of user A used in Public-key encryption process

PUb – A public key of user B used in Public-key encryption process

|| – Concatenation

Z – Compression Function

Z⁻¹ – Decompression Function
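The combined flow from the Authentication and Confidentiality sections above (sign, compress, encrypt with a session key, wrap the session key, and the reverse at the receiver), as an added example that is not part of the original notes. It uses only the Python standard library, so the RSA here is unpadded textbook RSA on constructed toy keys and the symmetric cipher is a SHA-256 keystream standing in for CAST-128/IDEA/3DES; all function names are assumptions.

```python
import hashlib
import secrets
import zlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (no padding; illustration only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))            # private exponent
    return {"n": n, "e": e}, {"n": n, "d": d}

# Constructed toy keys built from Mersenne primes: trivially factorable.
PU_A, KP_A = make_keypair(2**127 - 1, 2**89 - 1)    # sender A
PU_B, KP_B = make_keypair(2**107 - 1, 2**61 - 1)    # receiver B

def size(key):
    """Number of bytes needed to hold any value modulo this key's n."""
    return (key["n"].bit_length() + 7) // 8

def sign(message, kp_a):
    """H, then the private-key operation on the hash: the digital signature."""
    # SHA-1 (160-bit) because the notes describe it; it is no longer collision resistant.
    h = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return pow(h, kp_a["d"], kp_a["n"])

def verify(message, signature, pu_a):
    """Recover the hash with the sender's public key and compare with a fresh hash."""
    h = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return pow(signature, pu_a["e"], pu_a["n"]) == h

def symmetric(ks, data):
    """Stand-in for EC/DC: XOR with a SHA-256 counter keystream (same call both ways)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(ks + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def pgp_send(message, kp_a, pu_b):
    """Sender A: returns EP(Ks) || EC(Ks, Z(signature || M))."""
    signature = sign(message, kp_a).to_bytes(size(kp_a), "big")
    compressed = zlib.compress(signature + message)             # Z
    ks = secrets.token_bytes(16)                                # one-time session key Ks
    wrapped = pow(int.from_bytes(ks, "big"), pu_b["e"], pu_b["n"])   # EP with B's public key
    return wrapped.to_bytes(size(pu_b), "big") + symmetric(ks, compressed)

def pgp_receive(blob, kp_b, pu_a):
    """Receiver B: unwrap Ks, decrypt, decompress, then check A's signature."""
    klen = size(kp_b)
    try:
        ks_int = pow(int.from_bytes(blob[:klen], "big"), kp_b["d"], kp_b["n"])   # DP
        signed = zlib.decompress(symmetric(ks_int.to_bytes(16, "big"), blob[klen:]))
    except (OverflowError, zlib.error) as exc:
        raise ValueError("ciphertext damaged or not encrypted to this key") from exc
    slen = size(pu_a)
    signature, message = int.from_bytes(signed[:slen], "big"), signed[slen:]
    if not verify(message, signature, pu_a):
        raise ValueError("signature does not match the claimed sender")
    return message

if __name__ == "__main__":
    wire = pgp_send(b"Transfer approved", KP_A, PU_B)   # constructed message
    print(len(wire), pgp_receive(wire, KP_B, PU_A))
```

Real OpenPGP implementations add padding to the RSA operations and use a standard block cipher; the order of the steps is what this block is meant to show.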

Why Authentication and Confidentiality are important in PGP?

Authentication and confidentiality play pivotal roles in Pretty Good Privacy (PGP),
ensuring the security and integrity of digital communication. Authentication,
carried out through digital signatures, verifies the identity of the sender and
safeguards against spoofing and impersonation. By signing messages with their
private key, senders give recipients a means to verify the authenticity of the
communication. This authentication mechanism not only fosters trust
between parties but also guarantees message integrity, as digital signatures
verify that the message has not been tampered with during transmission.
On the other hand, confidentiality, provided by encryption, protects the content
of messages from unauthorized access. Through encryption algorithms,
PGP scrambles the message, rendering it unreadable to anyone without the
decryption key. This ensures that sensitive data stays private and inaccessible to
eavesdroppers and unauthorized parties. Together, authentication and confidentiality
in PGP establish a secure framework for trusted communication, allowing individuals
and organizations to exchange information confidentially and securely while preserving
privacy and integrity.

Advantages of PGP

 The primary benefit of PGP encryption lies in its unbreakable algorithm.

 It is regarded as a top technique for improving cloud security and is frequently
utilised by users who need to encrypt their private conversations.
 This is due to PGP’s ability to prevent hackers, governments, and nation-states from
accessing files or emails that are encrypted with PGP.

Disadvantage of PGP

 The main drawback of PGP encryption is that it is usually not intuitive to use. PGP
requires time and effort to fully encrypt data and files, which might make messaging
more difficult for users. If an organisation is thinking about deploying PGP, it has to
train its employees.

 It is imperative that users comprehend the intricacies of the PGP system to prevent
unintentionally weakening their security measures. This may occur from using PGP
incorrectly or from losing or corrupting keys, endangering other users in situations
where security is at an extreme.

 Absence of anonymity: PGP encrypts user messages but does not provide users with
any anonymity. This makes it possible to identify the source and recipient of emails
sent using a PGP solution.

Conclusion

Today, PGP continues to play a key role in protecting digital privacy and
sensitive information for individuals, businesses and organizations worldwide.
Through integration into a range of encryption tools, email clients and enterprise
security solutions, it remains a reliable and widely used tool. As
technology continues to evolve, PGP will no doubt continue to evolve alongside it,
cementing its position as a cornerstone of secure communication and digital privacy for
years to come.

What is Key Management in Information Security?

Key management is defined as managing cryptographic keys within a cryptosystem. It
deals with generating, exchanging, storing, using and replacing keys as
required at the user level.

A key management system also includes key servers, user processes and
protocols, including cryptographic protocol design. The security of the cryptosystem
depends on successful key management.

Cryptographic keys play an essential role in protecting sensitive data, avoiding data
breaches, and complying with regulations. Unfortunately, a lost or stolen key can
lead to costly losses of systems and information, which is why every security-aware
company should provide strong key management protocols.

Encryption key management is a group of practices and rules that provide for the
secure use of cryptographic keys. Proper management ensures that a key stays secure
throughout its lifecycle, from generation and use to storage and deletion.

A cryptographic key is a file that includes a string of letters and numbers that
can encrypt and decrypt information when processed by a crypto algorithm. The
main objective of key management is to keep these files away from
unauthorized users and systems.

Key management is the procedure of putting specific standards in place to provide
the security of cryptographic keys in an organization. Key management deals
with the generation, exchange, storage, deletion, and updating of keys. It also
deals with members' access to the keys.

Key management forms the basis of all information security. Data is encrypted and
decrypted through the use of encryption keys, which means the loss or compromise
of any encryption key would invalidate the information security measures put
into place. Keys also provide for the secure transmission of information across an
Internet connection.

With authentication methods such as code signing, attackers who steal a poorly
secured key can pretend to be a trusted service such as Microsoft while delivering
malware to victims’ computers.

Keys also support compliance with specific standards and regulations that ensure
companies are using best practices when securing cryptographic keys, so that well-
protected keys are available only to the users who require them.

Key management servers (KMS) are used to administer the complete lifecycle of
cryptographic keys and secure them from loss or misuse. KMS solutions, and other
key management technology, directly control the generation, management, storage,
archival, and removal of encryption keys.

Moreover, to fully protect keys against loss or misuse, companies should limit
access to them, either by restricting physical access or by controlling user access
through clear and defined roles.

The proper management of cryptographic keys is important to the effective use of
cryptography for security. Keys are similar to the combination of a safe. If a safe
combination is known to an adversary, the strongest safe provides no security against
penetration. Likewise, poor key management can easily compromise strong
algorithms.

What is Key Management?

Key management refers to the processes and procedures involved in generating,
storing, distributing, and managing cryptographic keys used in cryptographic
algorithms to protect sensitive data. It ensures that keys used to protect sensitive
data are kept safe from unauthorized access or loss. Good key management helps
maintain the security of encrypted information and is important for protecting digital
assets from cyber threats. Effective key management is crucial for ensuring the
confidentiality, integrity, and availability of encrypted information by securing
cryptographic keys from unauthorized access, loss, or compromise.

How Do Cryptographic Keys Work?

Cryptographic keys are special codes that protect information by locking
(encrypting) and unlocking (decrypting) it. In symmetric key cryptography, a
single shared key does both jobs, so the same key must be kept secret between users.
In asymmetric key cryptography, there are two keys: a public key that anyone can
use to encrypt messages or verify signatures, and a private key that only the owner
uses to decrypt messages or create signatures. This makes it easier to share the
public key openly while keeping the private key secret. These keys are crucial for
secure communication, like when you visit a secure website (HTTPS), where they
help encrypt your data and keep it safe from eavesdroppers and criminals. Managing
these keys properly is therefore vital to keep digital information secure and
dependable.

Types of Key Management

There are two aspects of Key Management:

1. Distribution of public keys.

2. Use of public-key encryption to distribute secrets.

Distribution of Public Key

The public key can be distributed in four ways:

1. Public announcement

2. Publicly available directory

3. Public-key authority
4. Public-key certificates.

These are explained below:

1. Public Announcement: Here the public key is broadcast to everyone. The major
weakness of this method is forgery. Anyone can create a key claiming to be
someone else and broadcast it. Until the forgery is discovered, the forger can
masquerade as the claimed user.

2. Publicly Available Directory: In this type, the public key is stored in a public
directory. The directory is trusted here, with properties such as participant registration,
access that allows participants to modify values at any time, and entries of the form
{name, public-key}. Directories can be accessed electronically but are still vulnerable
to forgery or tampering.

3. Public Key Authority: It is similar to the directory but improves security by
tightening control over the distribution of keys from the directory. It requires users
to know the public key for the directory. Whenever keys are needed, the user makes
real-time access to the directory to obtain any desired public key
securely.

4. Public Certification: Here the authority provides a certificate (which binds an
identity to the public key) to allow key exchange without real-time access to the
public authority each time. The certificate is accompanied by other information such
as the period of validity, rights of use, etc. All of this content is signed with the private
key of the certificate authority, and it can be verified by anyone possessing the
authority’s public key.

First, the sender and receiver both request a certificate from the CA, which contains a
public key and other information; they can then exchange these certificates and
start communication.

Key Management Lifecycle

The key management lifecycle outlines the stages through which cryptographic
keys are generated, used, and eventually retired or destroyed. Proper management of
these keys is critical to ensuring the security of cryptographic systems. Here’s an
overview of each stage:

1. Key Generation:

 Creation: Keys are created using secure algorithms to ensure randomness and
strength.

 Initialization: Keys are initialized with specific parameters required for their
intended use (e.g., length, algorithm).

2. Key Distribution:

 Sharing: For symmetric keys, secure methods must be used to share the key
between parties.

 Publication: For asymmetric keys, the public key is shared openly, while the
private key remains confidential.

3. Key Storage:

 Protection: Keys must be stored securely, typically in hardware security modules
(HSMs) or encrypted key stores, to prevent unauthorized access.

 Access Control: Only authorized users or systems should be able to access keys.

4. Key Usage:

 Application: Keys are used for their intended cryptographic functions, such as
encrypting/decrypting data or signing/verifying messages.

 Monitoring: Usage is monitored to detect any unusual or unauthorized activities.

[Figure: Key Management in Cryptography]


5. Key Rotation:

 Updating: Keys are periodically updated to reduce the risk of exposure or
compromise.

 Re-Keying: New keys are generated and distributed, replacing old ones while
ensuring continuity of service.

6. Key Revocation:

 Invalidation: Keys that are no longer secure or needed are invalidated.

 Revocation Notices: For public keys, revocation certificates or notices are
distributed to inform others that the key should no longer be trusted.

7. Key Archival:

 Storage: Old keys are securely archived for future reference or compliance
purposes.

 Access Restrictions: Archived keys are kept in a secure location with restricted
access.

8. Key Destruction:

 Erasure: When keys are no longer needed, they are securely destroyed to prevent
any possibility of recovery.

 Verification: The destruction process is verified to ensure that no copies remain.
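The lifecycle stages listed above, enforced in code, as an added example that is not part of the original notes. `KeyStore` is a hypothetical in-memory stand-in for a key management server, and HMAC-SHA-256 tags stand in for whatever the managed keys would protect.

```python
import hashlib
import hmac
import secrets
from enum import Enum

class State(Enum):
    ACTIVE = "active"        # current key: may create and verify tags
    RETIRED = "retired"      # rotated out: verify only, kept for older data
    REVOKED = "revoked"      # no longer trusted for anything
    DESTROYED = "destroyed"  # key material erased

class KeyStore:
    """Hypothetical in-memory key manager covering stages 1 and 4 to 8."""

    def __init__(self):
        self._keys = {}       # key_id -> [State, bytearray of key material]
        self.active_id = None
        self.audit = []       # usage monitoring: (event, key_id)

    def generate(self):
        """Generation and rotation: a fresh random key becomes ACTIVE."""
        if self.active_id is not None and self._keys[self.active_id][0] is State.ACTIVE:
            self._keys[self.active_id][0] = State.RETIRED
        key_id = len(self._keys) + 1
        self._keys[key_id] = [State.ACTIVE, bytearray(secrets.token_bytes(32))]
        self.active_id = key_id
        self.audit.append(("generate", key_id))
        return key_id

    def sign(self, data):
        """Usage: only the ACTIVE key creates new authentication tags."""
        key = self._keys[self.active_id][1]
        self.audit.append(("sign", self.active_id))
        return self.active_id, hmac.new(bytes(key), data, hashlib.sha256).digest()

    def verify(self, key_id, data, tag):
        """ACTIVE and RETIRED keys verify; REVOKED and DESTROYED keys never do."""
        state, key = self._keys[key_id]
        if state not in (State.ACTIVE, State.RETIRED):
            self.audit.append(("rejected-" + state.value, key_id))
            return False
        self.audit.append(("verify", key_id))
        expected = hmac.new(bytes(key), data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def revoke(self, key_id):
        """Revocation: invalidate the key; re-key at once if it was the active one."""
        was_active = self._keys[key_id][0] is State.ACTIVE
        self._keys[key_id][0] = State.REVOKED
        self.audit.append(("revoke", key_id))
        if was_active:
            self.generate()

    def destroy(self, key_id):
        """Destruction: overwrite the stored material, then mark the key."""
        if key_id == self.active_id:
            raise ValueError("rotate or revoke the active key before destroying it")
        entry = self._keys[key_id]
        for i in range(len(entry[1])):
            entry[1][i] = 0   # best effort in Python; an HSM does this in hardware
        entry[0] = State.DESTROYED
        self.audit.append(("destroy", key_id))

    def state(self, key_id):
        return self._keys[key_id][0]

    def material_erased(self, key_id):
        """Verification step: True when no non-zero key byte remains in the store."""
        return not any(self._keys[key_id][1])

if __name__ == "__main__":
    store = KeyStore()
    first = store.generate()
    kid, tag = store.sign(b"constructed record")
    store.generate()                                  # rotation
    print(store.state(first), store.verify(kid, b"constructed record", tag))
```

Rotation keeps old tags verifiable, while revocation cuts them off immediately; which of the two applies to a key is a policy decision the lifecycle leaves to the organization.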

Conclusion

Managing cryptographic keys is crucial for keeping data secure. It involves creating,
distributing, storing, using, updating, and eventually destroying keys properly. Good
key management ensures that keys are safe from unauthorized access and can be
trusted throughout their life. By doing this, organizations protect sensitive
information and maintain the security of their digital communications. In short,
effective key management is essential for making encryption work and keeping
information systems secure.

What is S/MIME?

S/MIME stands for Secure/Multipurpose Internet Mail Extensions. Through
encryption, S/MIME offers protection for business emails. S/MIME comes under
the concept of cryptography. S/MIME is a protocol used for encrypting or
decrypting digitally signed emails. This means that users can digitally sign their
emails as the owner (sender) of the email.

Emails could only be sent in NVT 7-bit format in the past, due to which images,
videos, or audio were not a part of e-mail attachments. Bell Communications
launched the MIME standard protocol in 1991 to increase the email’s restricted
functionality. S/MIME is an upgrade of MIME(Multipurpose Internet Mail
Extensions). Due to the limitations of MIME, S/MIME came into play. S/MIME is
based on asymmetric cryptography which means that communications can be
encrypted or decrypted using a pair of related keys namely public and private keys.

How S/MIME Works?

S/MIME enables non-ASCII data to be sent using Secure Mail Transfer Protocol
(SMTP) via email. Many kinds of data files can be sent, including music, video, and
image files. This data is sent securely using encryption. Data that
is encrypted using a public key is decrypted using the private key, which is held
only by the receiver of the email. The receiver decrypts the message and
can then use it. In this way, data is shared by email with an end-to-end
security service provided by cryptography.

Advantages of S/MIME

1. It offers verification.

2. It offers integrity to the message.

3. By the use of digital signatures, it facilitates non-repudiation of origin.

4. It offers seclusion.

5. Data security is ensured by the utilization of encryption.

6. Transfer of data files like images, audio, videos, documents, etc. in a secure manner.

Services of S/MIME

1. Digital Signature, which can maintain data integrity.

2. S/MIME can be used in encrypting messages.


3. By using this we can transfer our data using an e-mail without any problem.

Versions of S/MIME

 1st Version: 1995

 2nd Version: 1998

 3rd Version: 1999

Microsoft products that support the third version of S/MIME:

1. Microsoft Outlook 2000 (SR-1) and later.

2. Outlook Express 5.01 and later.

3. Microsoft Exchange version 5.5 and later.

Conclusion

S/MIME protocol (or method) has been one of the safest ways to transmit data or
share data between companies or users. The benefits that S/MIME provides are data
integrity, confidentiality, verification, and non-repudiation. Moreover, S/MIME has
been widely used for providing security services in various companies.

Frequently Asked Questions on S/MIME (FAQs)

What is S/MIME used for?

S/MIME offers two services:

 Digital signatures provide non-repudiation and authentication.

 Message encryption provides Data Integrity and Confidentiality.

Why does your company need S/MIME protection?

S/MIME provides security to data and confidential information to the E-mails used
by companies. Thus, in order to protect data from unwanted and unknown access
companies need S/MIME protection.

Advantages of S/MIME over MIME?


MIME allows file sharing, but in a manner where data can be changed or stolen.
S/MIME securely transmits data using the encryption method.

What Is a S/MIME Certificate and How Does this Certificate Work?

A S/MIME certificate is a digital signature that displays the identity of the sender.
This certificate provides data security. This certificate uses a public key to encrypt
the message and the private key (which is available only by the receiver) to decrypt
the message.

Why Need a S/MIME Certificate?

Today, data theft is a serious threat to people. So, in order to prevent your data
from being changed or stolen, you must use an S/MIME certificate. This certificate
will ensure data security without any stealing or copying of data.

IPSec Architecture

IPSec (IP Security) architecture uses two protocols to secure the traffic or data
flow. These protocols are ESP (Encapsulating Security Payload) and AH
(Authentication Header). IPSec Architecture includes protocols, algorithms, DOI,
and Key Management. All these components are very important in order to provide
the three main services:

 Confidentiality
 Authentication
 Integrity

IP Security Architecture:

1. Architecture: Architecture or IP Security Architecture covers the general
concepts, definitions, protocols, algorithms, and security requirements of IP Security
technology.

2. ESP Protocol: ESP (Encapsulating Security Payload) provides a confidentiality
service. Encapsulating Security Payload is implemented in either of two ways:

 ESP with optional Authentication.

 ESP with Authentication.

Packet Format:

 Security Parameter Index (SPI): This parameter is used by Security Association. It
is used to give a unique number to the connection built between the Client and
Server.
 Sequence Number: Unique Sequence numbers are allotted to every packet so that
on the receiver side packets can be arranged properly.
 Payload Data: Payload data means the actual data or the actual message. The
Payload data is in an encrypted format to achieve confidentiality.
 Padding: Extra bits of space are added to the original message in order to ensure
confidentiality. Padding length is the size of the added bits of space in the original
message.
 Next Header: Next header means the next payload or next actual data.
 Authentication Data: This field is optional in ESP protocol packet format.

3. Encryption algorithm: The encryption algorithm is the document that describes
various encryption algorithms used for Encapsulating Security Payload.

4. AH Protocol: AH (Authentication Header) Protocol provides both
Authentication and Integrity service. Authentication Header is implemented in one
way only: Authentication along with Integrity.
Authentication Header covers the packet format and general issues related to the use
of AH for packet authentication and integrity.

5. Authentication Algorithm: The authentication Algorithm contains the set of
documents that describe the authentication algorithm used for AH and for the
authentication option of ESP.

6. DOI (Domain of Interpretation): DOI is the identifier that supports both AH
and ESP protocols. It contains values needed for documentation related to each
other.

7. Key Management: Key Management contains the document that describes how
the keys are exchanged between sender and receiver.

What is Encapsulating Security Payload?

Cyber Security is the branch of computer technology that deals with the security of
the virtual cloud and internet. Any information that is stored or transmitted through
the cloud needs to be secure and safe. Cyber Networking plays a very important role
in maintaining that the connection established is secured and content goes through a
secured/ safe channel for transmission.

Security in the network is very important and can’t be compromised in any
situation. Security in Networking, particularly in IP Sec or IP Network Security, is
significant and has some characteristics associated with it.

Characteristics Associated with IPSec:


1. The standardized algorithms present in IP Sec are SHA and MD5.

2. IPSec uniquely identifies every packet, and then authentication is carried out based
on verifying the same uniqueness of the packet.

3. IP network or IPSec has an ESP present in it for security purposes.

Here, we will discuss ESP, the structure of ESP, and its importance in security.

Encapsulating security payload, also abbreviated as ESP plays a very important role
in network security. ESP or Encapsulating security payload is an individual protocol
in IPSec. ESP is responsible for the CIA triad of security (Confidentiality, Integrity,
Availability), which is considered significant only when encryption is carried along
with them. Securing all payload/ packets/ content in IPv4 and IPv6 is the
responsibility of ESP.

As the name suggests, it involves encapsulating the content/payload, encrypting it
into a suitable form, and then performing a security check or authentication on the
payload in the IP network. Encryption/encapsulation and security/authentication
make the payload extremely secure and safe from any kind of harm or threat of the
content/data/payload being stolen by any third party. The encryption process is
performed by an authenticated user; similarly, the decryption process is carried out
only when the receiver is verified, thus making the entire process very smooth and
secure. The entire encryption that is performed by ESP is carried out on the principle
of the integrity of the payload and not on the typical IP header.

Working of ESP:

1. Encapsulating Security Payload supports both main Network layer protocols: IPv4
and IPv6 protocols.

2. It performs encryption in the headers of the Internet Protocol; in general terms,
it resides and performs its functions in the IP Header.

3. One important thing to note here is that the insertion of ESP is between Internet
Protocol and other protocols such as UDP/ TCP/ ICMP.

Modes in ESP:

Encapsulating Security Payload supports two modes, i.e. Transport mode, and
tunnel mode.

Tunnel mode:

1. Mandatory in Gateway, tunnel mode holds utmost importance.

2. Here, a new IP Header is created which is used as the outer IP Header followed by
ESP.

Transport mode:

1. Here, IP Header is not protected via encryption or authentication, making it
vulnerable to threats.

2. Less processing is seen in this mode, so the inclusion of ESP is preferred.

Advantages:

Below listed are the advantages of Encapsulating Security Payload:

1. Encrypting data to provide security

2. Maintaining a secure gateway for data/ message transmission

3. Properly authenticating the origin of data

4. Providing needed data integrity

5. Maintaining data confidentiality

6. Helping with antireplay service using authentication header

Disadvantages:

Below listed are the disadvantages of Encapsulating Security Payload:

1. There is a restriction on the encryption method to be used

2. For global use and implementation, weaker encryptions are mandatory to use

Components of ESP:

An important point to note is that authentication and security are not provided for
the entire IP packet in transport mode. On the other hand for the tunnel mode, the
entire IP packet along with the new packet header is encapsulated.
The ESP structure is composed of the following parts:

Figure: ESP Structure

The diagrammatic representation of ESP has the below-mentioned components:

1. Security Parameter:

 Security parameters are assigned a size of 32 bits.

 The Security Parameter is mandatory in ESP for security links and associations.

2. Sequence Number:

 The sequence number is 32 bits in size and works as an incremental counter.

 The first packet has sequence number 1 assigned to it whenever it is sent through
an SA.

3. Payload Data:

 Payload data does not have a fixed size; it is variable in size.

 It refers to the data/content that is secured by the method of encryption.

4. Padding:

 Padding has an assigned size of 0-255 bytes.

 Padding is done to ensure that the payload data which needs to be sent securely fits
into the cipher block correctly.

5. Pad Length:

 Pad Length is assigned a size of 8 bits.

 It is a measure of the pad bytes that precede it.

6. Next Header:

 The next header is assigned a size of 8 bits.

 It is responsible for determining the data type of the payload by studying the first
header of the payload.

7. Authentication Data:

 The size associated with authentication data is variable and never fixed.

 Authentication data is an optional field that is applicable only when SA is selected.
It serves the purpose of providing integrity.
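
The ESP fields listed above (and in the packet format under IPSec Architecture) can be seen working together in the following added example, which is not part of the original notes. It assumes NULL encryption so the trailer stays readable, an HMAC-SHA-256 value truncated to 16 bytes as the Authentication Data, a 64-packet anti-replay window, and constructed keys and SPI values.

```python
import hashlib
import hmac
import struct

ESP_HEADER = struct.Struct("!II")  # SPI (32 bits) + Sequence Number (32 bits)
ICV_LEN = 16                       # assumption: HMAC-SHA-256 truncated to 128 bits
IPPROTO_TCP = 6                    # Next Header value when the payload is TCP


def build_esp(spi, seq, payload, next_header, key):
    """Build an ESP packet with NULL encryption (payload left in the clear)."""
    # Pad so payload + padding + Pad Length + Next Header ends on a 4-byte
    # boundary; padding bytes count up 1, 2, 3, ...
    pad_len = -(len(payload) + 2) % 4
    padding = bytes(range(1, pad_len + 1))
    body = (ESP_HEADER.pack(spi, seq) + payload + padding
            + bytes([pad_len, next_header]))
    # Authentication Data covers every field that precedes it.
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


def parse_esp(packet, key):
    """Verify the Authentication Data, then split the packet into its fields."""
    if len(packet) < ESP_HEADER.size + 2 + ICV_LEN:
        raise ValueError("truncated ESP packet")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet was modified or key is wrong")
    spi, seq = ESP_HEADER.unpack_from(body)
    # The trailer is read from the end: Next Header is last, Pad Length before it.
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - ESP_HEADER.size - 2:
        raise ValueError("Pad Length exceeds packet size")
    payload_end = len(body) - 2 - pad_len
    if body[payload_end:-2] != bytes(range(1, pad_len + 1)):
        raise ValueError("unexpected padding bytes")
    return {"spi": spi, "seq": seq, "payload": body[ESP_HEADER.size:payload_end],
            "pad_len": pad_len, "next_header": next_header}


class ReplayWindow:
    """Sliding-window anti-replay check over the ESP Sequence Number."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0     # highest sequence number accepted so far
        self.bitmap = 0  # bit i set => sequence number (top - i) already seen

    def check_and_update(self, seq):
        if seq == 0:                       # the first packet of an SA uses 1
            return False
        if seq > self.top:                 # newer than anything seen: slide
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:            # too old, fell out of the window
            return False
        if self.bitmap & (1 << offset):    # duplicate inside the window
            return False
        self.bitmap |= 1 << offset
        return True


def receive(packet, key, window):
    """Accept a packet only if it authenticates and is not a replay."""
    fields = parse_esp(packet, key)        # the window moves only for authentic packets
    if not window.check_and_update(fields["seq"]):
        raise ValueError("replayed or stale sequence number")
    return fields


if __name__ == "__main__":
    demo_key = b"constructed-demo-key-32-bytes..!"   # constructed sample key
    pkt = build_esp(0x1000, 1, b"hello", IPPROTO_TCP, demo_key)
    print(receive(pkt, demo_key, ReplayWindow()))
```

With a real encryption algorithm the Payload Data, Padding, Pad Length and Next Header are encrypted, so a receiver has to decrypt before it can read the trailer.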

Security association:

A security association (SA) is the establishment of shared security attributes
between two network entities to support secure communication. An SA may include
attributes such as: cryptographic algorithm and mode; traffic encryption key; and
parameters for the network data to be passed over the connection. The framework
for establishing security associations is provided by the Internet Security
Association and Key Management Protocol (ISAKMP). Protocols such as Internet
Key Exchange (IKE) and Kerberized Internet Negotiation of Keys (KINK) provide
authenticated keying material.[1]

An SA is a simplex (one-way channel) and logical connection which endorses and
provides a secure data connection between the network devices. The fundamental
requirement of an SA arrives when the two entities communicate over more than
one channel. Take, for example, a mobile subscriber and a base station. The
subscriber may subscribe itself to more than one service. Therefore, each service
may have different service primitives, such as a data encryption algorithm, public
key, or initialization vector. To make things easier, all of this security information is
grouped logically, and the logical group itself is a Security Association. Each SA
has its own ID called SAID. So both the base station and mobile subscriber will
share the SAID, and they will derive all the security parameters.

In other words, an SA is a logical group of security parameters that enable the
sharing of information to another entity.

Key Management in Cryptography

In cryptography, it is a very monotonous task to distribute the public and private
keys between sender and receiver. If the key is known to the third party
(forger/eavesdropper) then the whole security mechanism becomes worthless. So,
there comes the need to secure the exchange of keys. In this article, we will learn
about key management, how Cryptographic Keys Work, Types of Key
Management, and Key Management Lifecycle.

What is Key Management?

Key management refers to the processes and procedures involved in generating,
storing, distributing, and managing cryptographic keys used in cryptographic
algorithms to protect sensitive data. It ensures that keys used to protect sensitive
data are kept safe from unauthorized access or loss. Good key management helps
maintain the security of encrypted information and is important for protecting digital
assets from cyber threats. Effective key management is crucial for ensuring the
confidentiality, integrity, and availability of encrypted information by securing
cryptographic keys from unauthorized access, loss, or compromise.

How Do Cryptographic Keys Work?

Cryptographic keys are special codes that protect information by locking
(encrypting) and unlocking (decrypting) it. In symmetric key cryptography, a
single shared key does both jobs, so the same key must be kept secret between users.
In asymmetric key cryptography, there are two keys: a public key that anyone can
use to encrypt messages or verify signatures, and a private key that only the owner
uses to decrypt messages or create signatures. This makes it easier to share the
public key openly while keeping the private key secret. These keys are crucial for
secure communication, like when you visit a secure website (HTTPS), where they
help encrypt your data and keep it safe from eavesdroppers and criminals. So,
managing these keys properly is vital to keep digital information secure and
dependable.

Types of Key Management

There are two aspects of Key Management:

1. Distribution of public keys.

2. Use of public-key encryption to distribute secrets.

Distribution of Public Key

The public key can be distributed in four ways:

1. Public announcement

2. Publicly available directory

3. Public-key authority

4. Public-key certificates.

These are explained below:

1. Public Announcement: Here the public key is broadcast to everyone. The major
weakness of this method is forgery: anyone can create a key claiming to be
someone else and broadcast it. Until the forgery is discovered, the forger can
masquerade as the claimed user.

2. Publicly Available Directory: In this type, the public key is stored in a public
directory. Directories are trusted here, with properties like participant registration,
access, and permission to modify values at any time, and they contain entries like
{name, public-key}. Directories can be accessed electronically but are still
vulnerable to forgery or tampering.

3. Public Key Authority: It is similar to the directory but improves security by
tightening control over the distribution of keys from the directory. It requires users
to know the public key for the directory. Whenever the keys are needed, real-time
access to the directory is made by the user to obtain any desired public key
securely.

4. Public Certification: This time the authority provides a certificate (which binds an
identity to the public key) to allow key exchange without real-time access to the
public authority each time. The certificate is accompanied by some other info such
as period of validity, rights of use, etc. All of this content is signed by the private
key of the certificate authority and it can be verified by anyone possessing the
authority’s public key.
First, the sender and receiver both request a certificate from the CA, which contains
a public key and other information; then they can exchange these certificates and
start communication.

Key Management Lifecycle


The key management lifecycle outlines the stages through which cryptographic
keys are generated, used, and eventually retired or destroyed. Proper management of
these keys is critical to ensuring the security of cryptographic systems. Here’s an
overview of each stage:

1. Key Generation:

 Creation: Keys are created using secure algorithms to ensure randomness and
strength.

 Initialization: Keys are initialized with specific parameters required for their
intended use (e.g., length, algorithm).

2. Key Distribution:

 Sharing: For symmetric keys, secure methods must be used to share the key
between parties.

 Publication: For asymmetric keys, the public key is shared openly, while the
private key remains confidential.

3. Key Storage:

 Protection: Keys must be stored securely, typically in hardware security modules
(HSMs) or encrypted key stores, to prevent unauthorized access.

 Access Control: Only authorized users or systems should be able to access keys.

4. Key Usage:

 Application: Keys are used for their intended cryptographic functions, such as
encrypting/decrypting data or signing/verifying messages.

 Monitoring: Usage is monitored to detect any unusual or unauthorized activities.

Figure: Key Management in Cryptography

5. Key Rotation:

 Updating: Keys are periodically updated to reduce the risk of exposure or
compromise.

 Re-Keying: New keys are generated and distributed, replacing old ones while
ensuring continuity of service.

6. Key Revocation:

 Invalidation: Keys that are no longer secure or needed are invalidated.

 Revocation Notices: For public keys, revocation certificates or notices are
distributed to inform others that the key should no longer be trusted.

7. Key Archival:

 Storage: Old keys are securely archived for future reference or compliance
purposes.

 Access Restrictions: Archived keys are kept in a secure location with restricted
access.

8. Key Destruction:

 Erasure: When keys are no longer needed, they are securely destroyed to prevent
any possibility of recovery.

 Verification: The destruction process is verified to ensure that no copies remain.
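
The lifecycle stages above can be traced through a small in-memory key ring, given here as an added example that is not part of the original notes. The class name `KeyRing`, the state names and the key identifiers (`k1`, `k2`, ...) are assumptions made for illustration, and HMAC-SHA-256 stands in for whatever algorithm the keys protect.

```python
import hashlib
import hmac
import secrets


class KeyRing:
    """Tracks symmetric keys through active -> archived -> revoked -> destroyed."""

    def __init__(self):
        self._keys = {}        # key_id -> {"material": bytearray or None, "state": str}
        self._counter = 0
        self.active_id = None
        self.rotate()          # generation: the ring always has one active key

    def rotate(self):
        """Key rotation: retire the active key to verify-only, create a new one."""
        current = self._keys.get(self.active_id)
        if current is not None and current["state"] == "active":
            current["state"] = "archived"
        self._counter += 1
        key_id = f"k{self._counter}"
        # Generation: 256 bits from the operating system's CSPRNG.
        self._keys[key_id] = {"material": bytearray(secrets.token_bytes(32)),
                              "state": "active"}
        self.active_id = key_id
        return key_id

    def state(self, key_id):
        return self._keys[key_id]["state"]

    def sign(self, message):
        """Usage: only the active key may protect new data."""
        key = self._keys[self.active_id]
        tag = hmac.new(bytes(key["material"]), message, hashlib.sha256).digest()
        return self.active_id, tag

    def verify(self, key_id, message, tag):
        """Archived keys still verify old data; revoked and destroyed keys never do."""
        key = self._keys.get(key_id)
        if key is None or key["state"] not in ("active", "archived"):
            return False
        expected = hmac.new(bytes(key["material"]), message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    def revoke(self, key_id):
        """Revocation: stop trusting the key at once; replace it if it was active."""
        key = self._keys[key_id]
        if key["state"] != "destroyed":
            key["state"] = "revoked"
        if key_id == self.active_id:
            self.rotate()

    def destroy(self, key_id):
        """Destruction: overwrite the material (best effort in Python) and drop it."""
        key = self._keys[key_id]
        if key["state"] == "active":
            raise ValueError("rotate or revoke a key before destroying it")
        if key["material"] is not None:
            key["material"][:] = bytes(len(key["material"]))
            key["material"] = None
        key["state"] = "destroyed"


if __name__ == "__main__":
    ring = KeyRing()
    kid, tag = ring.sign(b"constructed message")
    ring.rotate()
    print(kid, ring.state(kid), ring.verify(kid, b"constructed message", tag))
```

In production the key material would live in an HSM or an encrypted key store, as the storage stage says, and destruction would be carried out and verified by that store.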

Conclusion

Managing cryptographic keys is crucial for keeping data secure. It involves creating,
distributing, storing, using, updating, and eventually destroying keys properly. Good
key management ensures that keys are safe from unauthorized access and can be
trusted throughout their life. By doing this, organizations protect sensitive
information and maintain the security of their digital communications. In short,
effective key management is essential for making encryption work and keeping
information systems secure.

UNIT V WEB SECURITY

Web Security Considerations

Web security is very important nowadays. Websites are always prone to security
threats and risks. Web security deals with the security of data over the internet, a
network, or the web, including while it is being transferred. For example, when you
are transferring data between a client and a server and you have to protect that data,
the security of that data is your web security.

Hacking a website may result in the theft of important customer data, such as credit
card information or the login details of a customer, or in the destruction of one’s
business and the propagation of illegal content to users. When somebody hacks your
website, they can either steal the important information of the customers or
propagate illegal content to your users through your website. Therefore, security
considerations are needed in the context of web security.

Security Threats:

A threat is nothing but a possible event that can damage and harm an information
system. A security threat is defined as a risk that can potentially harm computer
systems and organizations. Whenever an individual or an organization creates a
website, they are vulnerable to security attacks.

Security attacks are mainly aimed at stealing, altering, or destroying personal and
confidential information, stealing hard drive space, and illegally accessing
passwords. So whenever the website you created is vulnerable to security attacks,
the attackers can steal, alter, or destroy your data and personal information, see your
confidential information, and access your passwords.

Top Web Security Threats :

Web security threats are constantly emerging and evolving, but many threats
consistently appear at the top of the list of web security threats. These include:

 Cross-site scripting (XSS)


 SQL Injection
 Phishing
 Ransomware
 Code Injection
 Viruses and worms
 Spyware
 Denial of Service

Security Consideration:

 Updated Software: You need to always update your software. Hackers may be
aware of vulnerabilities in certain software, which are sometimes caused by bugs
and can be used to damage your computer system and steal personal data. Older
versions of software can become a gateway for hackers to enter your network.
Software makers soon become aware of these vulnerabilities and will fix vulnerable
or exposed areas. That is why it is mandatory to keep your software updated; it plays
an important role in keeping your personal data secure.
 Beware of SQL Injection: SQL Injection is an attempt to manipulate your data or
your database by inserting rogue code into your query. For example, somebody can
send a query to your website that contains rogue code; when it gets executed, it can
be used to manipulate your database, such as changing tables, modifying or deleting
data, or retrieving important information. So one should be aware of the SQL
injection attack.
 Cross-Site Scripting (XSS): XSS allows attackers to insert client-side script into
web pages, for example through the submission of forms. It is a term used to describe
a class of attacks that allow an attacker to inject client-side scripts into other users’
browsers through a website. As the injected code enters the browser from the site,
the code is trusted and can do things like sending the user’s site authorization cookie
to the attacker.
 Error Messages: You need to be very careful about the error messages that are
generated to give information to users while they access the website. Error messages
are generated for one reason or another, and you should be very careful about how
much information they provide to users. For example, on a login attempt, if the user
fails to log in, the error message should not let the user know which field is
incorrect: Username or Password.
 Data Validation: Data validation is the proper testing of any input supplied by the
user or application. It prevents improperly created data from entering the
information system. Validation of data should be performed on both server-side and
client-side. If we perform data validation on both sides that will give us the
authentication. Data validation should occur when data is received from an outside
party, especially if the data is from untrusted sources.
 Password: A password provides the first line of defense against unauthorized access
to your device and personal information. It is necessary to use a strong password.
Hackers in many cases use sophisticated software that uses brute force to crack
passwords. Passwords must be complex to protect against brute force. It is good to
enforce password requirements such as a minimum length of eight characters,
including uppercase letters, lowercase letters, special characters, and numerals.
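
Several of these considerations meet in a login handler, shown in the following added example that is not part of the original notes. The table layout, function names, PBKDF2 round count and username rule are assumptions chosen for illustration; the password rules are the ones listed above.

```python
import hashlib
import hmac
import html
import os
import re
import sqlite3

GENERIC_LOGIN_ERROR = "Invalid username or password."   # never says which field failed
PBKDF2_ROUNDS = 200_000                                 # assumption for this example
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")       # assumed server-side rule


def password_policy_errors(password):
    """Return the requirements from the notes that the password does not meet."""
    checks = [
        (len(password) >= 8, "at least eight characters"),
        (re.search(r"[A-Z]", password), "an uppercase letter"),
        (re.search(r"[a-z]", password), "a lowercase letter"),
        (re.search(r"[0-9]", password), "a numeral"),
        (re.search(r"[^A-Za-z0-9]", password), "a special character"),
    ]
    return [message for ok, message in checks if not ok]


def _hash(password, salt):
    # A slow, salted hash makes brute-force guessing against a stolen table costly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def create_user(db, username, password):
    """Server-side data validation happens before anything is stored."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username must be 3-32 letters, digits, '_', '.' or '-'")
    missing = password_policy_errors(password)
    if missing:
        raise ValueError("password needs " + ", ".join(missing))
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, _hash(password, salt)))


def login(db, username, password):
    # The '?' placeholder sends the username as data, never as SQL text, so
    # quotes or comment markers in the input cannot change the query.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    # Hash even for unknown users so both failure cases do similar work.
    salt, stored = row if row else (b"\x00" * 16, b"\x00" * 32)
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if row is not None and matches:
        return True, "Welcome."
    return False, GENERIC_LOGIN_ERROR


def render_greeting(display_name):
    """Output encoding: user-supplied text is escaped before it reaches HTML."""
    return "<p>Hello, " + html.escape(display_name) + "!</p>"


if __name__ == "__main__":
    db = open_db()
    create_user(db, "alice", "Str0ng!Passw0rd")      # constructed sample account
    print(login(db, "alice", "wrong-password"))
    print(login(db, "nobody", "Str0ng!Passw0rd"))
    print(render_greeting("<b>Bob</b>"))
```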

Secure Socket Layer (SSL)


Last Updated: 19 Jun, 2024

Secure Socket Layer (SSL) provides security to the data that is transferred between
a web browser and a server. SSL encrypts the link between a web server and a
browser, which ensures that all data passed between them remains private and free
from attack. In this article, we are going to discuss SSL in detail, its protocols, the
salient features of SSL, and the versions of SSL.

What is a Secure Socket Layer?

SSL, or Secure Sockets Layer, is an Internet security protocol that encrypts data to
keep it safe. It was created by Netscape in 1995 to ensure privacy, authentication,
and data integrity in online communications. SSL is the older version of what we
now call TLS (Transport Layer Security).

Websites using SSL/TLS have “HTTPS” in their URL instead of “HTTP.”

How does SSL work?

 Encryption: SSL encrypts data transmitted over the web, ensuring privacy. If
someone intercepts the data, they will see only a jumble of characters that is nearly
impossible to decode.

 Authentication: SSL starts an authentication process called a handshake between
two devices to confirm their identities, making sure both parties are who they claim
to be.

 Data Integrity: SSL digitally signs data to ensure it hasn’t been tampered with,
verifying that the data received is exactly what was sent by the sender.

Why is SSL Important?

Originally, data on the web was transmitted in plaintext, making it easy for anyone
who intercepted the message to read it. For example, if someone logged into their
email account, their username and password would travel across the Internet
unprotected.

SSL was created to solve this problem and protect user privacy. By encrypting data
between a user and a web server, SSL ensures that anyone who intercepts the data
sees only a scrambled mess of characters. This keeps the user’s login credentials
safe, visible only to the email service.

Additionally, SSL helps prevent cyber attacks by:


 Authenticating Web Servers: Ensuring that users are connecting to the legitimate
website, not a fake one set up by attackers.

 Preventing Data Tampering: Acting like a tamper-proof seal, SSL ensures that the
data sent and received hasn’t been altered during transit.

Secure Socket Layer Protocols

 SSL Record Protocol

 Handshake Protocol

 Change-Cipher Spec Protocol

 Alert Protocol

SSL Record Protocol

SSL Record provides two services to SSL connection.

 Confidentiality

 Message Integrity

In the SSL Record Protocol, application data is divided into fragments. The fragment
is compressed, and then a MAC (Message Authentication Code) generated by
algorithms like SHA (Secure Hash Algorithm) and MD5 (Message Digest) is
appended. After that, encryption of the data is done, and finally the SSL header is
appended to the data.

Handshake Protocol

Handshake Protocol is used to establish sessions. This protocol allows the client and
server to authenticate each other by sending a series of messages to each other.
Handshake protocol uses four phases to complete its cycle.

 Phase-1: In Phase-1 both Client and Server send hello-packets to each other. In this
IP session, cipher suite and protocol version are exchanged for security purposes.

 Phase-2: The server sends its certificate and Server-key-exchange. The server ends
Phase-2 by sending the Server-hello-end packet.

 Phase-3: In this phase, the client replies to the server by sending its certificate and
Client-exchange-key.

 Phase-4: In Phase-4, Change-cipher suite occurs, and after this the Handshake
Protocol ends.

Figure: SSL Handshake Protocol Phases diagrammatic representation

Change-Cipher Protocol

This protocol uses the SSL record protocol. Unless the Handshake Protocol is
completed, the SSL record output will be in a pending state. After the handshake
protocol, the pending state is converted into the current state.

The Change-cipher protocol consists of a single message which is 1 byte in length
and can have only one value. This protocol’s purpose is to cause the pending state to
be copied into the current state.

Alert Protocol

This protocol is used to convey SSL-related alerts to the peer entity. Each message
in this protocol contains 2 bytes.

The level is further classified into two parts:

Warning (level = 1)
This Alert has no impact on the connection between sender and receiver. Some of
them are:

 Bad Certificate: When the received certificate is corrupt.

 No Certificate: When an appropriate certificate is not available.

 Certificate Expired: When a certificate has expired.

 Certificate Unknown: When some other unspecified issue arose in processing the
certificate, rendering it unacceptable.

 Close Notify: It notifies that the sender will no longer send any messages in the
connection.

 Unsupported Certificate: The type of certificate received is not supported.

 Certificate Revoked: The certificate received is in revocation list.

Fatal Error (level = 2):

This Alert breaks the connection between sender and receiver. The connection will
be stopped and cannot be resumed, but it can be restarted. Some of them are:

 Handshake Failure: When the sender is unable to negotiate an acceptable set of
security parameters given the options available.

 Decompression Failure: When the decompression function receives improper
input.

 Illegal Parameters: When a field is out of range or inconsistent with other fields.

 Bad Record MAC: When an incorrect MAC was received.

 Unexpected Message: When an inappropriate message is received.

The second byte in the Alert protocol describes the error.
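
The record, change-cipher and alert messages described above can be decoded from captured bytes, as in the following added example, which is not part of the original notes. The numeric codes are the SSL 3.0 values, the byte strings are constructed samples, and the function names are assumptions; the parser handles one direction of a connection.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure", 41: "no_certificate",
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter",
}
MAX_RECORD_LEN = 2**14 + 2048   # largest protected fragment a record may carry


def decode_alert(body):
    """An alert is two bytes: the level, then the description of the error."""
    if len(body) != 2:
        raise ValueError("an alert message is exactly 2 bytes")
    level, description = body
    return {
        "level": ALERT_LEVELS.get(level, f"unknown({level})"),
        "description": ALERT_DESCRIPTIONS.get(description, f"unknown({description})"),
        "closes_connection": level == 2,
    }


def parse_records(stream):
    """Split one direction of a connection into records and decode what is readable."""
    records, offset, protected = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        # Record header: content type (1), version major/minor (2), length (2).
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype}")
        if length > MAX_RECORD_LEN:
            raise ValueError("record length exceeds the protocol maximum")
        body = stream[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        record = {"type": CONTENT_TYPES[ctype], "version": (major, minor),
                  "length": length, "protected": protected}
        if not protected:
            if ctype == 21:
                record["alert"] = decode_alert(body)
            elif ctype == 20:
                # The single change-cipher message is one byte with value 1.
                if body != b"\x01":
                    raise ValueError("malformed change_cipher_spec message")
                # The pending state becomes current: later records are encrypted
                # and cannot be decoded without the session keys.
                protected = True
        records.append(record)
        offset += 5 + length
    return records


def fatal_alerts(records):
    """Descriptions of the readable alerts that tear the connection down."""
    return [r["alert"]["description"] for r in records
            if "alert" in r and r["alert"]["closes_connection"]]


# Constructed sample: a handshake record followed by a fatal handshake_failure.
SAMPLE_FAILED = bytes.fromhex("1603000004" "00000000" "1503000002" "0228")
# Constructed sample: change_cipher_spec, then an alert record that is encrypted.
SAMPLE_PROTECTED = bytes.fromhex("1403000001" "01" "1503000012") + bytes(18)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE_FAILED) + parse_records(SAMPLE_PROTECTED):
        print(rec)
```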

Salient Features of Secure Socket Layer

 The advantage of this approach is that the service can be tailored to the specific
needs of the given application.
 Secure Socket Layer was originated by Netscape.

 SSL is designed to make use of TCP to provide reliable end-to-end secure service.

 This is a two-layered protocol.

Versions of SSL

SSL 1 – Never released due to high insecurity


SSL 2 – Released in 1995
SSL 3 – Released in 1996
TLS 1.0 – Released in 1999
TLS 1.1 – Released in 2006
TLS 1.2 – Released in 2008
TLS 1.3 – Released in 2018

SSL Certificate

SSL (Secure Sockets Layer) certificate is a digital certificate used to secure and
verify the identity of a website or an online service. The certificate is issued by a
trusted third-party called a Certificate Authority (CA), who verifies the identity of
the website or service before issuing the certificate.
The SSL certificate has several important characteristics that make it a reliable
solution for securing online transactions:

 Encryption: The SSL certificate uses encryption algorithms to secure the
communication between the website or service and its users. This ensures that the
sensitive information, such as login credentials and credit card information, is
protected from being intercepted and read by unauthorized parties.

 Authentication: The SSL certificate verifies the identity of the website or service,
ensuring that users are communicating with the intended party and not with an
impostor. This provides assurance to users that their information is being
transmitted to a trusted entity.

 Integrity: The SSL certificate uses message authentication codes (MACs) to detect
any tampering with the data during transmission. This ensures that the data being
transmitted is not modified in any way, preserving its integrity.

 Non-repudiation: SSL certificates provide non-repudiation of data, meaning that
the recipient of the data cannot deny having received it. This is important in
situations where the authenticity of the information needs to be established, such as
in e-commerce transactions.

 Public-key cryptography: SSL certificates use public-key cryptography for secure
key exchange between the client and server. This allows the client and server to
securely exchange encryption keys, ensuring that the encrypted information can
only be decrypted by the intended recipient.

 Session management: SSL certificates allow for the management of secure
sessions, allowing for the resumption of secure sessions after interruption. This
helps to reduce the overhead of establishing a new secure connection each time a
user accesses a website or service.

 Certificates issued by trusted CAs: SSL certificates are issued by trusted CAs,
who are responsible for verifying the identity of the website or service before
issuing the certificate. This provides a high level of trust and assurance to users that
the website or service they are communicating with is authentic and trustworthy.

In addition to these key characteristics, SSL certificates also come in various levels
of validation, including Domain Validation (DV), Organization Validation (OV),
and Extended Validation (EV). The level of validation determines the amount of
information that is verified by the CA before issuing the certificate, with EV
certificates providing the highest level of assurance and trust to users. For more
information about SSL certificates for each Validation level type, please refer to
Namecheap.

Overall, the SSL certificate is an important component of online security, providing
encryption, authentication, integrity, non-repudiation, and other key features that
ensure the secure and reliable transmission of sensitive information over the
internet.

What Are The Types of SSL Certificates?

There are different types of SSL certificates, each suited for different needs:

 Single-Domain SSL Certificate: This type covers only one specific domain. A
domain is the name of a website, like www.geeksforgeeks.org. For instance, if you
have a single-domain SSL certificate for www.geeksforgeeks.org, it won’t cover
any other domains or subdomains.

 Wildcard SSL Certificate: Similar to a single-domain certificate, but it also covers
all subdomains of a single domain. For example, if you have a wildcard certificate
for *.geeksforgeeks.org, it would cover www.geeksforgeeks.org,
blog.www.geeksforgeeks.org, and any other subdomain under example.com.

 Multi-Domain SSL Certificate: This type can secure multiple unrelated domains
within a single certificate.

These certificates vary in scope and flexibility, allowing website owners to choose
the appropriate level of security coverage based on their needs.

SSL certificates have different validation levels, which determine how thoroughly a
business or organization is vetted:

 Domain Validation (DV): This is the simplest and least expensive level. To get a
DV certificate, a business just needs to prove it owns the domain (like
www.geeksforgeeks.org).

 Organization Validation (OV): This involves a more hands-on verification
process. The Certificate Authority (CA) directly contacts the organization to
confirm its identity before issuing the certificate. OV certificates provide more
assurance to users about the legitimacy of the organization.

 Extended Validation (EV): This is the most rigorous level of validation. It requires
a comprehensive background check of the organization to ensure it’s legitimate and
trustworthy. EV certificates are recognized by the green address bar in web
browsers, indicating the highest level of security and trustworthiness.

These validation levels help users understand the level of security and trust they can
expect when visiting websites secured with SSL certificates.

Are SSL and TLS the Same thing?

SSL is the direct predecessor of TLS (Transport Layer Security). In 1999, the
Internet Engineering Task Force (IETF) proposed an update to SSL. Since this
update was developed by the IETF without Netscape’s involvement, the name was
changed to TLS. The changes between the last version of SSL (3.0) and the first
version of TLS were not significant; the name change mainly signified new
ownership.

Because SSL and TLS are so similar, people often use the terms interchangeably.
Some still call it SSL, while others use “SSL/TLS encryption” since SSL is still
widely recognized.

Is SSL Still up to Date?

SSL (Secure Sockets Layer) hasn’t been updated since SSL 3.0 back in 1996 and is
now considered outdated. It has known vulnerabilities, so security experts advise
against using it. Most modern web browsers no longer support SSL.

TLS (Transport Layer Security) is the current encryption protocol used online.
Despite this, many still refer to it as “SSL encryption,” causing confusion when
people look for security solutions. Nowadays, any vendor offering “SSL” is likely
providing TLS protection, which has been the standard for over 20 years. The term
“SSL protection” is still used widely on product pages because many users still
search for it.

Conclusion

SSL (Secure Sockets Layer) is a crucial Internet security protocol that encrypts data
to ensure privacy, authentication, and data integrity during online communications.
Although it has been succeeded by TLS (Transport Layer Security), SSL remains
widely recognized and foundational in establishing secure connections between
users and web servers. Understanding SSL is essential for appreciating the evolution
of internet security and the protection of sensitive information online.

Transport Layer Security (TLS)

Transport Layer Security (TLS) is designed to provide security at the transport
layer. TLS was derived from a security protocol called Secure Socket Layer (SSL).
TLS ensures that no third party may eavesdrop on or tamper with any message.

There are several benefits of TLS:

 Encryption:
TLS/SSL can help to secure transmitted data using encryption.

 Interoperability:
TLS/SSL works with most web browsers, including Microsoft Internet Explorer, and
on most operating systems and web servers.

 Algorithm flexibility:
TLS/SSL provides options for the authentication mechanisms, encryption algorithms
and hashing algorithms that are used during the secure session.

 Ease of Deployment:
Many applications use TLS/SSL transparently on Windows Server 2003 operating
systems.

 Ease of Use:
Because we implement TLS/SSL beneath the application layer, most of its
operations are completely invisible to the client.

Working of TLS:
The client connects to the server (using TCP) and sends a number of specifications:

1. Version of SSL/TLS.

2. Which cipher suites and compression methods it wants to use.

The server checks what the highest SSL/TLS version is that is supported by them
both, picks a cipher suite from one of the client's options (if it supports one) and
optionally picks a compression method. After this basic setup is done, the server
provides its certificate. This certificate must be trusted either by the client itself or by a
party that the client trusts. Having verified the certificate and being certain this
server really is who it claims to be (and not a man in the middle), a key is
exchanged. This can be a public key, a “PreMasterSecret” or simply nothing,
depending upon the cipher suite.

Both the server and client can now compute the key for symmetric encryption. The
handshake is finished and the two hosts can communicate securely. If a connection is
closed simply by finishing the TCP connection, both sides will know the connection was
improperly terminated. The connection cannot be compromised by this, though,
merely interrupted.

Transport Layer Security (TLS) continues to play a critical role in securing data
transmission over networks, especially on the internet. Let’s delve deeper into its
workings and significance:

Enhanced Security Features:

TLS employs a variety of cryptographic algorithms to provide a secure
communication channel. This includes symmetric encryption algorithms like AES
(Advanced Encryption Standard) and asymmetric algorithms like RSA and
Diffie-Hellman key exchange. Additionally, TLS supports various hash functions for
message integrity, such as SHA-256, ensuring that data remains confidential and
unaltered during transit.

Certificate-Based Authentication:

One of the key components of TLS is its certificate-based authentication
mechanism. When a client connects to a server, the server presents its digital
certificate, which includes its public key and other identifying information. The
client verifies the authenticity of the certificate using trusted root certificates stored
locally or provided by a trusted authority, thereby establishing the server’s identity.

Forward Secrecy:

TLS supports forward secrecy, a crucial security feature that ensures that even if an
attacker compromises the server’s private key in the future, they cannot decrypt past
communications. This is achieved by generating ephemeral session keys for each
session, which are not stored and thus cannot be compromised retroactively.

TLS Handshake Protocol:

The TLS handshake protocol is a crucial phase in establishing a secure connection
between the client and the server. It involves multiple steps, including negotiating
the TLS version, cipher suite, and exchanging cryptographic parameters. The
handshake concludes with the exchange of key material used to derive session keys
for encrypting and decrypting data.

Perfect Forward Secrecy (PFS):

Perfect Forward Secrecy is an advanced feature supported by TLS that ensures the
confidentiality of past sessions even if the long-term secret keys are compromised.
With PFS, each session key is derived independently, providing an additional layer
of security against potential key compromise.

TLS Deployment Best Practices:

To ensure the effectiveness of TLS, it’s essential to follow best practices in its
deployment. This includes regularly updating TLS configurations to support the
latest cryptographic standards and protocols, disabling deprecated algorithms and
cipher suites, and keeping certificates up-to-date with strong key lengths.
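
The negotiation step from "Working of TLS" and the effect of the deployment practices above, as an added example that is not part of the original notes. It models only the classic handshake (up to TLS 1.2); the class and function names and both server configurations are assumptions made for illustration.

```python
"""Toy model of TLS version / cipher-suite negotiation (constructed configs)."""
from dataclasses import dataclass

# Protocol versions in ascending order of preference.
VERSIONS = ("SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2")

# IANA cipher-suite names used as sample values.
ECDHE_GCM = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"  # ephemeral key exchange
RSA_CBC = "TLS_RSA_WITH_AES_128_CBC_SHA"             # static RSA key exchange
RSA_RC4 = "TLS_RSA_WITH_RC4_128_SHA"                 # deprecated cipher


class HandshakeFailure(Exception):
    """Raised where a real server would send a fatal alert and close."""


@dataclass(frozen=True)
class ClientHello:
    max_version: str
    cipher_suites: tuple


@dataclass(frozen=True)
class ServerConfig:
    min_version: str
    max_version: str
    cipher_suites: tuple  # in the server's order of preference


def has_forward_secrecy(suite: str) -> bool:
    """Ephemeral (EC)DHE key exchange gives every session its own key."""
    return "_ECDHE_" in suite or "_DHE_" in suite


def negotiate(hello: ClientHello, server: ServerConfig):
    """Return (version, suite) or raise HandshakeFailure."""
    rank = VERSIONS.index
    # Highest version supported by both sides.
    version = min(hello.max_version, server.max_version, key=rank)
    if rank(version) < rank(server.min_version):
        raise HandshakeFailure(
            f"protocol_version: {version} is below the server minimum")
    # First suite in the server's preference order that the client offered.
    for suite in server.cipher_suites:
        if suite in hello.cipher_suites:
            return version, suite
    raise HandshakeFailure("handshake_failure: no shared cipher suite")


# Weak setting: old protocols still enabled, deprecated suites preferred.
LEGACY_SERVER = ServerConfig("SSLv3", "TLSv1.2", (RSA_RC4, RSA_CBC, ECDHE_GCM))
# Corrected setting: TLS 1.2 floor, forward-secret suites only.
HARDENED_SERVER = ServerConfig("TLSv1.2", "TLSv1.2", (ECDHE_GCM,))

MODERN_CLIENT = ClientHello("TLSv1.2", (ECDHE_GCM, RSA_CBC))
OLD_CLIENT = ClientHello("TLSv1.0", (RSA_CBC, RSA_RC4))


def outcome(hello: ClientHello, server: ServerConfig) -> str:
    """One-line summary of what a given client/server pair ends up with."""
    try:
        version, suite = negotiate(hello, server)
    except HandshakeFailure as alert:
        return f"refused ({alert})"
    fs = "yes" if has_forward_secrecy(suite) else "no"
    return f"{version} / {suite} / forward secrecy: {fs}"


if __name__ == "__main__":
    for cname, client in (("modern", MODERN_CLIENT), ("old", OLD_CLIENT)):
        for sname, server in (("legacy", LEGACY_SERVER),
                              ("hardened", HARDENED_SERVER)):
            print(f"{cname:6} client -> {sname:8} server: "
                  f"{outcome(client, server)}")
```

Against the legacy configuration even the modern client ends up on a suite without forward secrecy, because the server's preference order decides; the hardened configuration refuses the old client instead of falling back.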

Continual Evolution:

TLS standards continue to evolve to address emerging security threats and
vulnerabilities. Ongoing efforts by standards bodies, such as the Internet
Engineering Task Force (IETF), ensure that TLS remains robust and resilient
against evolving attack vectors.

Conclusion:

In an increasingly interconnected world where data privacy and security are
paramount, Transport Layer Security (TLS) serves as a foundational technology for
securing communication over networks. By providing encryption, authentication,
and integrity protection, TLS enables secure data transmission, safeguarding
sensitive information from unauthorized access and tampering. As cyber threats
evolve, TLS will continue to evolve, adapting to new challenges and reinforcing the
security posture of digital communications.

Secure Electronic Transaction (SET) Protocol


Last Updated : 20 Jun, 2024



Secure Electronic Transaction or SET is a security protocol designed to ensure the
security and integrity of electronic transactions conducted using credit cards. Unlike
a payment system, SET operates as a security protocol applied to those payments. It
uses different encryption and hashing techniques to secure payments over the
internet done through credit cards. The SET protocol was supported in development
by major organizations like Visa, Mastercard, and Microsoft which provided its
Secure Transaction Technology (STT), and Netscape which provided the
technology of Secure Socket Layer (SSL).

SET protocol restricts the revealing of credit card details to merchants thus keeping
hackers and thieves at bay. The SET protocol includes Certification Authorities for
making use of standard Digital Certificates like X.509 Certificate.

Before discussing SET further, let’s see a general scenario of electronic transactions,
which includes client, payment gateway, client financial institution, merchant, and
merchant financial institution.

Requirements in SET: The SET protocol has some requirements to meet. Some of
the important requirements are:

 It has to provide mutual authentication, i.e., customer (or cardholder) authentication
by confirming if the customer is an intended user or not, and merchant
authentication.

 It has to keep the PI (Payment Information) and OI (Order Information) confidential
by appropriate encryptions.

 It has to be resistant to message modifications, i.e., no changes should be
allowed in the content being transmitted.

 SET also needs to provide interoperability and make use of the best security
mechanisms.

Participants in SET: In the general scenario of online transactions, SET includes
similar participants:

1. Cardholder – customer

2. Issuer – customer financial institution

3. Merchant

4. Acquirer – merchant financial institution

5. Certificate authority – Authority that follows certain standards and issues
certificates (like X.509V3) to all other participants.

SET functionalities:

 Provide Authentication

o Merchant Authentication – To prevent theft, SET allows customers to check
previous relationships between merchants and financial institutions. Standard
X.509V3 certificates are used for this verification.

o Customer / Cardholder Authentication – SET checks if the use of a credit card is
done by an authorized user or not using X.509V3 certificates.

 Provide Message Confidentiality: Confidentiality refers to preventing unintended
people from reading the message being transferred. SET implements confidentiality
by using encryption techniques. Traditionally DES is used for encryption purposes.

 Provide Message Integrity: SET doesn’t allow message modification with the help
of signatures. Messages are protected against unauthorized modification using RSA
digital signatures with SHA-1 and some using HMAC with SHA-1.

Dual Signature: The dual signature is a concept introduced with SET, which aims
at connecting two pieces of information meant for two different receivers:

 Order Information (OI) for the merchant

 Payment Information (PI) for the bank

You might think sending them separately is an easy and more secure way, but
sending them in a connected form resolves any future dispute possible. Here is the
generation of dual signature:

Dual signature, DS = E(KPc, [H(H(PI) || H(OI))])

Where,

PI stands for payment information
OI stands for order information
PIMD stands for Payment Information Message Digest
OIMD stands for Order Information Message Digest
POMD stands for Payment Order Message Digest
H stands for Hashing
E stands for public key encryption
KPc is customer's private key
|| stands for append operation

Purchase Request Generation: The process of purchase request generation
requires three inputs:

 Payment Information (PI)

 Dual Signature

 Order Information Message Digest (OIMD)

The purchase request is generated as follows:

Digital Envelope = E(KUbank, Ks)

Here,
PI, OIMD, OI all have the same meanings as before.
The new things are:
EP, which is symmetric key encryption
Ks is a temporary symmetric key
KUbank is the public key of the bank
CA is the Cardholder or customer Certificate

Purchase Request Validation on Merchant Side: The Merchant verifies by
comparing POMD generated through PIMD hashing with POMD generated through
decryption of Dual Signature as follows:

Since we used the Customer’s private key in encryption, here we use KUC, which is the
public key of the customer or cardholder, for decryption ‘D’.
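
The dual signature and the merchant-side check described above, carried through in code as an added example (not part of the original notes). It assumes a toy RSA key built from two Mersenne primes and uses unpadded textbook RSA purely to mirror the E(KPc, ...) / D(KUC, ...) notation, which is not secure for real use; the PI and OI strings and all function names are constructed for illustration, and the bank-side check is the symmetric counterpart of the merchant's.

```python
"""SET dual signature, generation and verification (constructed data)."""
import hashlib

# Toy cardholder key pair: textbook RSA without padding, illustration only.
P, Q = 2**89 - 1, 2**127 - 1                # two Mersenne primes
N = P * Q                                   # 216-bit modulus > 160-bit SHA-1
KU_C = 65537                                # KUC: cardholder public exponent
KP_C = pow(KU_C, -1, (P - 1) * (Q - 1))     # KPc: cardholder private exponent


def H(data: bytes) -> bytes:
    """SHA-1, the hash named in the notes for SET."""
    return hashlib.sha1(data).digest()


def pomd(pimd: bytes, oimd: bytes) -> int:
    """POMD = H(PIMD || OIMD), as an integer ready for RSA."""
    return int.from_bytes(H(pimd + oimd), "big")


def dual_signature(pi: bytes, oi: bytes) -> int:
    """Cardholder side: DS = E(KPc, H(H(PI) || H(OI)))."""
    return pow(pomd(H(pi), H(oi)), KP_C, N)


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant holds OI and PIMD only; it never sees PI itself."""
    return pow(ds, KU_C, N) == pomd(pimd, H(oi))


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank holds PI and OIMD only; it never sees OI itself."""
    return pow(ds, KU_C, N) == pomd(H(pi), oimd)


# Constructed sample messages.
PI = b"card=XXXX-XXXX-XXXX-0001;amount=49.99;txn=1001"
OI = b"order=1001;item=textbook;amount=49.99"
OTHER_PI = b"card=XXXX-XXXX-XXXX-0001;amount=4.99;txn=1000"
TAMPERED_OI = b"order=1001;item=laptop;amount=49.99"


def demo() -> dict:
    """Run the honest exchange plus two dispute scenarios."""
    ds = dual_signature(PI, OI)
    return {
        # Each receiver checks the link using only its own half.
        "merchant accepts genuine order": merchant_verify(OI, H(PI), ds),
        "bank accepts genuine payment": bank_verify(PI, H(OI), ds),
        # The order text was changed after the cardholder signed.
        "merchant accepts altered order": merchant_verify(TAMPERED_OI, H(PI), ds),
        # A payment from a different transaction is paired with this order.
        "bank accepts swapped payment": bank_verify(OTHER_PI, H(OI), ds),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Neither receiver needs the other's plaintext: a digest of the missing half is enough to recompute POMD, which is how the two messages stay linked while PI remains hidden from the merchant.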

Payment Authorization and Payment Capture: Payment authorization as the
name suggests is the authorization of payment information by the merchant which
ensures payment will be received by the merchant. Payment capture is the process
by which a merchant receives payment which includes again generating some
request blocks to gateway and payment gateway in turn issues payment to the
merchant.

The disadvantages of Secure Electronic Transaction: When SET was
first introduced in 1996 by the SET consortium (Visa, Mastercard, Microsoft,
Verisign, and so forth), it was expected to be widely adopted within the next couple of
years. Industry experts also predicted that it would
quickly become the key enabler of global e-commerce.
However, this didn’t quite happen because of some serious weaknesses in
the protocol.

The security properties of SET are better than those of SSL and the more recent TLS,
especially in their ability to prevent e-commerce fraud. However,
the biggest drawback of SET is its complexity. SET requires both customers and
merchants to install special software, such as card readers and digital
wallets, meaning that transaction participants had to complete more tasks to implement
SET. This complexity also slowed down the speed of e-commerce
transactions. SSL and TLS don’t have such problems.

The overhead associated with PKI and the initialization and registration processes
also slowed down the widespread adoption of SET. Interoperability among
SET products, e.g., certificate translations and interpretations among trusted
third parties with different certificate policies, was also a significant problem with
SET, which was also challenged by poor usability and the vulnerability of
PKI.

6.1 QUESTION BANK

UNIT I

TWO MARKS

1. Define Information Security.

It is a well-informed sense of assurance that the information risks and controls are in
balance.

2. What is Security?

Security is “the quality or state of being secure-to be free from danger”.

3. What are the multiple layers of Security?

• Physical Security

• Personal Security

• Operations Security

• Communication Security

• Network Security

• Information Security

4. What are the characteristics of CIA triangle?

• Confidentiality

• Integrity

• Availability

5. What are the characteristics of Information Security?

• Availability

• Accuracy

• Authenticity

• Confidentiality

• Integrity

• Utility

• Possession

6. What is E-mail Spoofing?

It is the process of sending an e-mail with a modified field.

7. What is UDP Packet Spoofing?

User Data Protocol (UDP) Packet Spoofing enables the attacker to get unauthorized
access to data stored on computing systems.

8. What are the measures to protect the confidentiality of information?

• Information Classification

• Secure document storage

• Application of general Security Policies.

• Education of information end-users

9. What is Utility of information?

Utility of information is the quality or state of having value for some purpose or end.

10. What are the components of information system?

• Software

• Hardware

• Data

• People

• Procedures

• Networks.

11. What are the functions of Locks & Keys?

Locks & Keys are the traditional tools of physical security, which restricts access to, and
interaction with the hardware components of an information system.

12. What is Network Security?

It is the implementation of alarm and intrusion systems to make system owners aware
of ongoing compromises.

13. Differentiate Direct and Indirect attacks.

Direct Attack

1. It is when a hacker uses his personal computer to break into the system

2. Originate from the threat itself

Indirect Attack

1. It is when a system is compromised and used to attack other systems, such as in a
distributed denial of service attack.

2. Originate from a system or resource that itself has attacked & it is malfunctioning or working
under the control of a threat.

14. What is SDLC?

The Systems Development Life Cycle is a methodology for the design and
implementation of an information system in an organization.

15. What is a methodology?

Methodology is a formal approach to solve a problem based on a structured sequence
of procedures.

16. What are the phases of SDLC Waterfall method?

 Investigation

 Analysis

 Logical Design

 Physical Design

 Implementation

 Maintenance & change.

17. What is enterprise Information Security Policy?

This policy outlines the implementation of a security program within the organization.

18. What is Risk Management?


It is the process of identifying, assessing and evaluating the levels of risk facing the
organization.

19. What are the functions of Information Security?

 Protects the organization’s ability to function

 Enables the safe operation of applications implemented on the organization’s IT systems.

 Protects the data the organization collects and uses.

 Safeguards the technology assets in use at the organization.

20. What is PKI?

Public Key Infrastructure is an integrated system of software, encryption methodologies
and legal agreements that can be used to support the entire information infrastructure of an
organization.

21. What is the use of Digital Certificates?

Digital Certificates are used to ensure the confidentiality of Internet Communications and
transactions.

22. What is Firewall?

Firewall is a device that keeps certain kinds of network traffic out of a private network.

23. What are caching network appliances?

Caching network appliances are devices that store legal copies of Internet contents such
as WebPages that are frequently referred to by employees.

24. What are appliances?

Appliances display the cached pages to users rather than accessing pages from the
server each time.

25. What is Security? What are the security layers a successful organization should have?

Security: “The quality or state of being secure--to be free from danger”

To be protected from adversaries

 Physical Security – to protect physical items, objects or areas of organization from
unauthorized access and misuse

 Personal Security – involves protection of individuals or group of individuals who are
authorized to access the organization and its operations

 Operations security – focuses on the protection of the details of particular operations or series
of activities.

 Communications security – encompasses the protection of organization’s
communications media, technology and content

 Network security – is the protection of networking components, connections, and
contents

 Information security – is the protection of information and its critical elements, including the
systems and hardware that use, store, and transmit the information

PART B

1. Explain the Critical Characteristics of Information

• Availability

• Accuracy

• Authenticity

• Confidentiality

• Integrity

• Utility

• Possession

2. Explain the Components of an Information System

• Software

• Hardware

• People

• Data

• Procedures

• Networks

3. Explain SDLC in detail.

• Methodology

• Phases

• Investigation

• Analysis

• Logical Design

• Physical Design

• Implementation

• Maintenance and change

4. Explain SecSDLC in detail

• Investigation

• Analysis

• Logical Design

• Physical Design

• Implementation

• Maintenance and change

5. Explain the functions of an Information security organization

• Protects the organization’s ability to function

• Enabling safe operation of applications

• Protecting data that organizations collect and use

• Safeguarding technology assets in organizations


UNIT II

1. What is a threat?

Threat is an object, person or other entity that represents a constant danger to an asset.

2. What are Hackers?

Hackers are people who use and create computer software for enjoyment or to gain
access to information illegally.

3. What are the levels of hackers?

• Expert Hacker

Develops software codes

• Unskilled Hacker

Uses the codes developed by the experts

4. What are script kiddies?

These are hackers of limited skills who use expertly written software to exploit a system
but do not fully understand or appreciate the systems they hack.

5. What is a Phreaker?

A Phreaker hacks the public telephone network to make free calls.

6. What is Malicious code?

These are programs which are designed to damage, destroy, or deny service to the
target system.

7. What are the types of virus?

• Macro virus

• Boot virus

8. What are trojan horses?

They are software programs that hide their true nature and reveal their designed
behavior only when activated.

9. What is a polymorphic threat?

It is one that changes its apparent shape over time.

10. What is intellectual property?

It is the ownership of ideas and control over the tangible or virtual representation of
those ideas.

35. What is an attack?

It is a deliberate act that exploits vulnerability.

11. What is a vulnerability?

It is an identified weakness of a controlled system with controls that are not present or
no longer effective.

12. What are the attack replication vectors?

• IP scan and attack

• Web browsing

• Virus

• Shares

• Mass mail

• SNMP

13. What is a brute force attack?

Trying every possible combination of options of password.

14. What are sniffers?

Sniffers are programs or devices that can monitor data traveling over a network.

15. What is social engineering?

It is the process of using social skills to convince people to reveal access credentials to the
attackers.

16. What are the types of Laws?

• Civil Law

• Criminal Law

• Tort Law

17. Differentiate Private & Public Laws.

Private Laws:

• This Law regulates the relationship between the individual and the organization.

• Eg: Family Law, Commercial Law, Labor Law

Public Law:

• This Law regulates the structure and administration of government agencies and their
relationship with the citizens, employees and other governments.

• Eg: Criminal Law, Administrative Law, Constitutional Law.

18. What are the fundamental principles of HIPAA?

1. Consumer control of medical information.

2. Boundaries on the use of medical information.

3. Accountability for the privacy of private information.

4. Security of health information.

19. What are the general categories of unethical and illegal behaviour?

• Ignorance

• Accident

• Intent

20. What is deterrence?

• It is the best method for preventing illegal or unethical activity.

• Examples are laws, Policies and technical controls.

21. What are the forces of Nature affecting information security?

Forces of Nature

 Forces of nature, force majeure, or acts of God are dangerous because they are unexpected
and can occur with very little warning

 Can disrupt not only the lives of individuals, but also the storage, transmission, and use of
information

 Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect
infestation

 Since it is not possible to avoid many of these threats, management must implement
controls to limit damage and also prepare contingency plans for continued operations

22. What are technical hardware failures or errors?

Technical Hardware Failures or Errors

 Technical hardware failures or errors occur when a manufacturer distributes to users
equipment containing flaws

 These defects can cause the system to perform outside of expected parameters, resulting in
unreliable service or lack of availability

 Some errors are terminal, in that they result in the unrecoverable loss of the equipment

 Some errors are intermittent, in that they only periodically manifest themselves, resulting in
faults that are not easily repeated

23. What are technical software failures or errors?

Technical Software Failures or Errors

 This category of threats comes from purchasing software with unrevealed faults

 Large quantities of computer code are written, debugged, published, and sold only to
determine that not all bugs were resolved

 Sometimes, unique combinations of certain software and hardware reveal new bugs

 Sometimes, these items aren’t errors, but are purposeful shortcuts left by programmers
for honest or dishonest reasons

24. What is technological obsolescence?

Technological Obsolescence

 When the infrastructure becomes antiquated or outdated, it leads to unreliable and
untrustworthy systems

 Management must recognize that when technology becomes outdated, there is a risk of loss
of data integrity to threats and attacks

 Ideally, proper planning by management should prevent the risks from technology obsolescence,
but when obsolescence is identified, management must take action

25. What is an attack?

Attacks

 An attack is the deliberate act that exploits vulnerability

 It is accomplished by a threat-agent to damage or steal an organization’s information or
physical asset

o An exploit is a technique to compromise a system

o A vulnerability is an identified weakness of a controlled system whose controls are not
present or are no longer effective

o An attack is then the use of an exploit to achieve the compromise of a controlled system

26. What is a malicious code?

Malicious Code

 This kind of attack includes the execution of viruses, worms, Trojan horses, and active web
scripts with the intent to destroy or steal information

 The state of the art in attacking systems in 2002 is the multi-vector worm using up to six attack
vectors to exploit a variety of vulnerabilities in commonly found information system devices

PART B

1. Explain the categories of Threat in detail.

• Acts of human error or failure

• Deviations in QOS by service providers

• Deliberate acts of espionage or trespass

• Deliberate acts of information extortion

• Deliberate acts of Sabotage or vandalism

• Deliberate acts of theft

• Deliberate software attacks

• Compromises to Intellectual Property

• Forces of Nature.

2. Explain the types of Attacks in detail?

• Malicious code

• Hoaxes

• Back Doors

• Password Crack

• Brute Force

• Dictionary

3. Explain General Computer Crime Laws.

• Computer Fraud & Abuse Act of 1986

• USA Patriot Act of 2001

• Communications Decency Act

• Computer Security Act of 1987

4. Explain Ethical Concepts in Information Security.

• Cultural Differences in Ethical Concepts

• Software License Infringement

• Illicit use

• Misuse of corporate resources


IT2042 INFORMATION SECURITY

SCE 206 DEPARTMENT OF CSE



B.E/B.Tech DEGREE EXAMINATION,NOVEMBER/DECEMBER 2007


Seventh Semester Computer Science and Engineering
CS1014- INFORMATION SECURITY
(Regulation 2004)
Time: Three hours Maximum: 100 Marks.

Answer ALL questions

PART A - (10*2=20)

1. State the critical Characteristics of information.

2. List the components used in security models.

3. Name the counter measure on threats.

4. Differentiate between threats and attacks.

5. Mention the benefits of risk management.

6. State the roles involved in risk management.

7. Name the people affected in security policies.

8. State the pros of VISA international security model.

9. List any two IDS. Mention its category of classification.

10. What are the basic functions of access control devices?


PART B - (5*16=80)

11 (a) Discuss in detail the NSTISSC security model. (16)
Or
(b) What is SDLC? Illustrate the security of SDLC. (16)

12 (a) Explain in detail the different types of cryptanalytic attacks. (16)
Or
(b) Discuss in detail the Legal, Ethical and Professional issues during the security
investigation. (16)

13 (a) What is risk management? State the methods of identifying and assessing risk
management. (16)
Or
(b) Discuss in detail the process of assessing and controlling risk management issues.

14 (a) (i) Compare and contrast the ISO 17700 with BS 7799 NIST security models. (10)
(ii) Briefly explain the NIST security model. (6)
Or


(b) List the styles of architecture security models. Discuss them in detail. (16)

15 (a) (i) What is intrusion detection system? Explain its types in detail. (10)
(ii) Write short notes on scanning and analysis tools used during the security design. (6)
Or
(b) (i) What is cryptography? Discuss the authentication models used in cryptography. (10)
(ii) Write short notes on the control devices used in security design. (6)

B.E/B.Tech DEGREE EXAMINATION,NOVEMBER/DECEMBER 2008


Seventh Semester
Computer Science and Engineering
CS 1014 - INFORMATION SECURITY
(Regulation 2004)
Time: Three hours Maximum: 100 Marks.

Answer ALL questions

PART A (10 x 2 = 20 marks)

1. Mention the components of Information security.

2. How is the top-down approach to information Security superior to the bottom-up approach?

3. What are the types of password attacks?

4. What is the difference between Criminal law and Civil law?

5. Why do networking components need more examination from an Information Security perspective
than from a Systems development perspective?

6. What is a cost-benefit analysis?

7. What is a policy? How does it differ from a law?

8. When do we call attacks as incidents?

9. Differentiate Symmetric encryption and Asymmetric encryption.

10. What is a honey pot?

PART B (5 x 16 = 80)

11. (a) (i) How has Computer Security evolved into modern Information security? Explain. (8)
(ii) Why is a methodology important in the implementation of Information Security? How does a
methodology improve the process? Explain. (8)(or)

(b) What are the phases in the Security Systems development life cycle? Explain in detail.


12. (a) (i) Describe the three general categories of unethical and illegal behaviour. (8)
(ii) What can be done to deter someone from committing a crime? Explain. (8)(or)

(b) (i) What is a buffer overflow? How is it used against a web server? Explain. (12)
(ii) How do worms differ from viruses? (4)

13. (a) Describe Risk mitigation. Explain the planning approaches to mitigate risks. (16) (or)

(b) Define risk management, risk identification and risk control. Illustrate it
with a real time application. (16)

14. (a) Classify each of the following occurrences as an incident or disaster. If an occurrence is a
disaster, determine whether business continuity plans would be called into play.
(i) A hacker gets into the network and deletes files from a server.

(ii) A fire breaks out in the storeroom and sets off sprinklers on that floor. Some computers
are damaged, but the fire is controlled.
(iii) Employees go on strike, and the company could be without critical workers for weeks.
(iv) A disgruntled employee takes a critical server home, sneaking it out after hours.
For each of the scenarios above, describe the steps necessary to restore operations. Indicate
whether law enforcement would be involved. (4+4+4+4) (or)
(b) What is Contingency planning? Describe its components. How is it different from
routine management planning? Explain. (16).

15. (a) (i) How do the security considerations for temporary or contract employees differ from
those of regular full-time employees? Explain. (8)

(ii) What is Collusion? How does the separation of duties influence collusion? Explain. (8)
(or)

(b) Describe the categories and operating models of Intrusion Detection Systems (IDS) in detail.
(16)
